Non-Transparent

Discuss and get help to configue CacheGuard to protect internet users
User avatar
FortifyIT
Posts: 21
Joined: 10 Apr 2018 19:07
Contact:

Non-Transparent

Post by FortifyIT »

Hey

do we just turn off Transparent Mode to put it into regular proxy mode (i.e. setting browsers to go to whatever IP/DNS name for the proxy)?

Testing CG in Transparent mode now but want to set it up in Non-Transparent mode to test at client sites so we can then go live with this to provide secure browsing for our clients.

THanks
Mike
User avatar
charles
Site Admin
Posts: 41
Joined: 06 Nov 2014 16:23
Location: Paris
Contact:

Re: Non-Transparent

Post by charles »

Hi,

When the forwarding proxy mode is activated (command mode web on), the non-transparent (or explicit) Web proxy mode is always enabled (and can't be deactivated). To deactivate the explicit forwarding proxy, you should deactivate the forwarding proxy mode (command mode web off)

Best Regards,
Charles Tajvidi
IT Technical Architect
http://www.cacheguard.com
User avatar
FortifyIT
Posts: 21
Joined: 10 Apr 2018 19:07
Contact:

Re: Non-Transparent

Post by FortifyIT »

Hi

I want to put CG into a colo datacenter with a static IP so I can point my clients to it to be used as a web proxy.

How would I go about setting up the NIC's? Would I only need to worry about setting the External NIC?

Thanks
Mike
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Non-Transparent

Post by david »

Hi,

CacheGuard can only be implemented in a two arms configuration (with two IP addresses: one for the external and one for the internal). In your case ,you will need 2 public IP addresses in two distinct networks.

If having two public IP addresses is not an option, you should place your CacheGuard behind a firewall with NAT capabilities and implement the architecture represented in the attached diagram.

Best Regards,
Attachments
RemoteCGAsService.jpeg
RemoteCGAsService.jpeg (72.94 KiB) Viewed 19925 times
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
User avatar
FortifyIT
Posts: 21
Joined: 10 Apr 2018 19:07
Contact:

Re: Non-Transparent

Post by FortifyIT »

Got it. I will do the Firewall option, that's what I was thinking I would have to do with only one Public IP. Thanks for confirming and clarifying.

WOrking on building a server up now so i can test things out.

Thanks
Mike
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Non-Transparent

Post by david »

Hi,

You are very welcome!
If you need any further information, please do not hesitate to contact us on this forum.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
User avatar
FortifyIT
Posts: 21
Joined: 10 Apr 2018 19:07
Contact:

Re: Non-Transparent

Post by FortifyIT »

Hey David

the Two IP option, I'll talk to the CoLo and see if I can get two IP's. So basically with two IP mode, Internal gets one and the External gets the other IP and that's all that would have to be done?
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Non-Transparent

Post by david »

Hi,

Yes, provided that the two IP addresses are not in the same subnet.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
User avatar
FortifyIT
Posts: 21
Joined: 10 Apr 2018 19:07
Contact:

Re: Non-Transparent

Post by FortifyIT »

Ok Great. Thanks David. Just wanted to verify that.

I'll get with my Colo and see what they can do. I tried studying your picture and I was getting confused. I'm not the greatest networker.

Thanks
Mike
User avatar
FortifyIT
Posts: 21
Joined: 10 Apr 2018 19:07
Contact:

Re: Non-Transparent

Post by FortifyIT »

Hi David


Ok I need some help. I have the server in the COLO with two public IP's. I can get to the interface over the External IP side but I can't get to it from the Internal IP side. Setting the Proxy up just kills my browsing.

I'm clearly doing something wrong or have something set wrong.

Could you help? Could you log in? if so PM me and i can give you the information
Post Reply