Installation guide

custom internal applications
Many of these programs are not developed with proxy compatibility in mind. For a
successful transparent proxy deployment, the network must be configured to allow the
proxy’s static bypass feature to work. See the “Static bypass rules” section, in the
chapter titled Transparent Proxy Caching and ARM, in the Websense Content
Gateway Online Help.
Because traffic management is centralized, users cannot easily bypass the proxy.
This type of deployment requires the implementation of at least one other network
device that is not required in the explicit proxy deployment. Added equipment
presents compatibility issues, as all network devices must work together smoothly and
efficiently. The overall system is often more complex and usually requires more
network expertise to construct and maintain.
The use of a Layer 4 switch or WCCP-enabled router to redirect traffic in a transparent
proxy deployment can provide redundancy and load distribution features for the
network. These devices not only route traffic intelligently among all available servers,
but can also detect whether a proxy is nonfunctional. In that case, the traffic is
rerouted to other, available proxies.
Exception handling can be included in switch or router configuration. For example,
requests for data from some internal, trusted sites can be allowed to bypass the proxy.
Layer 4 switch
You can implement policy-based routing (PBR) for a transparent proxy deployment
with the use of a Layer 4 switch, which can be configured to redirect a request to the
proxy, as follows:
1. Create an access control list (ACL) that identifies the Web traffic that should be
intercepted.
2. Develop a route map to define how the intercepted Web traffic should be modified
for redirection.
3. Apply a “redirect to proxy” policy to the switch interface.
See Websense Content Gateway Online Help (Transparent Proxy Caching and ARM
chapter) for more information about the use of a Layer 4 switch.
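The three steps above, together with a bypass exception for a trusted internal
site, written out as an added example in Cisco IOS-style syntax. It is not taken
from the Websense documentation. The switch platform, all addresses (RFC 5737
documentation ranges), the ACL and route-map names, and the interface are
assumptions.

```cisco
! Constructed example. Assumed placeholder values:
!   192.0.2.10       Content Gateway proxy
!   198.51.100.0/24  trusted internal site that bypasses the proxy
!   Vlan10           interface on which client traffic arrives

! Step 1: ACL that identifies the Web traffic to intercept.
ip access-list extended WCG-REDIRECT
 ! The proxy's own outbound requests must not be redirected,
 ! otherwise they are sent straight back to the proxy (routing loop).
 deny   tcp host 192.0.2.10 any
 ! Exception handling: requests to the trusted internal site bypass the proxy.
 deny   tcp any 198.51.100.0 0.0.0.255
 ! All remaining HTTP traffic is intercepted.
 permit tcp any any eq 80
!
! Step 2: route map that defines how intercepted traffic is redirected.
! Packets matching a "deny" ACL entry fall through to normal routing.
route-map WCG-PROXY permit 10
 match ip address WCG-REDIRECT
 set ip next-hop 192.0.2.10
!
! Step 3: apply the "redirect to proxy" policy to the client-facing interface.
interface Vlan10
 ip policy route-map WCG-PROXY
```

Entry order in the ACL matters: the two deny lines must precede the permit line, because the first matching entry decides whether a packet is redirected.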
WCCP-enabled router
WCCP is a protocol used to route client request traffic to a specific proxy. A
WCCP-enabled router can distribute client requests based on the proxy server's IP
address, routing traffic to the proxy most likely to contain the requested information.
The router may use Generic Routing Encapsulation (GRE) to forward IP packets to
the proxy. GRE is a tunneling protocol that allows point-to-point links between
multiple traffic routing hops.