
multiple branches, multiple proxies?

lockmac

Senior member
Hi there.
Currently, we have 5 branches across Australia. We have our datacenter which receives our internet connection and pushes it through a proxy, to which all branches connect through our WAN.

We are thinking of getting a dedicated internet connection at each branch.

How would we go about this in terms of proxy? Would we have to have a separate proxy for each branch? Is there a way where each proxy server can get its list of allow/deny (most likely use squid or similar) from a central place, or have them keep up to date so we don't have to change each proxy?

Cheers
 
I'm not too familiar with squid, but assuming it stores the acls in flat files it is trivial to use a cron job to rsync the files from a central server and reload the lists into squid.
 
What is your current WAN solution... FR, MPLS, etc.? What is your current proxy solution? You would need a separate proxy at each site if you wish to filter ALL internet traffic. I've only used BlueCoat proxies, but I don't think squid has replication built in. I'm sure you could script something to sync the proxy ACLs...

The real question is do you really want to support this type of decentralized infrastructure? Multiple proxies, firewalls, rule sets, and entry points into your network. What exactly are you trying to solve? Redundancy, throughput, functionality, etc.?

This of course depends on a lot of factors, but I would stand up your second largest site as a redundant / load balanced Internet exit point. You would only have 2 proxies/firewalls to manage, added availability, and lightened load on the DC. Again, this is assuming A LOT.
 
The reason we want to do this is really for a few reasons:
- added redundancy for when our WAN goes out - we could just create a VPN tunnel over the internet
- speed: our WAN is only capable of 512kb/s, so we have 3 of them. We want an internet connection so we can free up one of our WAN links

I think the idea of just having a proxy at each site would be the best and just set up CRON jobs to replicate the squid.allowlist and squid.denylist to each site, perhaps hourly.
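
The cron + rsync approach discussed in this thread, sketched as an added example that is not part of any post above: each branch proxy pulls the two lists into a staging directory, refuses to install a list that is empty or malformed (so a truncated transfer cannot silently wipe the denylist), and only then reloads Squid. The central host, the paths and the one-domain-per-line list format are assumptions.

```shell
#!/bin/sh
# Added example: pull Squid ACL lists from a central host, validate, then install.
# Host, paths and the one-domain-per-line (dstdomain) format are assumptions.
CENTRAL="${CENTRAL:-aclsync@proxy-master.example.internal:/srv/squid-acl/}"
LIVE="${LIVE:-/etc/squid}"
STAGE="${STAGE:-/var/lib/squid-acl-stage}"
LISTS="squid.allowlist squid.denylist"
ENTRY='\.?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*'

# Accept a list only if it has at least one entry and contains nothing but
# entries, comments and blank lines (guards against truncated transfers).
valid_list() {
    [ -s "$1" ] || return 1
    grep -Eq "^${ENTRY}\$" "$1" || return 1
    ! grep -Evq "^(${ENTRY}|#.*|[[:space:]]*)\$" "$1"
}

# Replace the live file via rename so Squid never reads a half-written list.
# Returns 0 only when the live file actually changed.
install_if_changed() {   # $1 = staged file, $2 = live file
    cmp -s "$1" "$2" && return 1
    cp "$1" "$2.new" && mv "$2.new" "$2"
}

sync_acls() {
    mkdir -p "$STAGE"
    rsync -a -e ssh "$CENTRAL" "$STAGE/" ||
        { echo "rsync failed; keeping current lists" >&2; return 1; }
    # Validate every list before touching any live file.
    for f in $LISTS; do
        valid_list "$STAGE/$f" ||
            { echo "$f failed validation; keeping current lists" >&2; return 1; }
    done
    changed=0
    for f in $LISTS; do
        if install_if_changed "$STAGE/$f" "$LIVE/$f"; then changed=1; fi
    done
    [ "$changed" -eq 1 ] || return 0
    # Do not signal a reload if the configuration no longer parses.
    squid -k parse >/dev/null 2>&1 ||
        { echo "squid config does not parse; not reloading" >&2; return 1; }
    squid -k reconfigure
}

# Runs only when invoked with --run, e.g. hourly from cron.
if [ "${1:-}" = "--run" ]; then sync_acls; fi
```

Pulling from the branches with a dedicated, read-only SSH account on the central host means a compromised branch proxy cannot change the lists the other sites receive.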
 