Table of Contents
Advertisement
Network Setup menu options
Web cache
A proxy-cache server implements Internet object caching, which is a way to store requested Internet
objects (that is, data available via HTTP, FTP, and other protocols) on a server closer to the user's network
than on the remote site. Typically, the proxy-cache server eliminates the need to re-download Internet
objects over the available Internet connection when several users simultaneously attempt to access the
same Web site. The Web site's contents are available in the cache (server memory or disk) and are quickly
accessible over the LAN rather than over the slower Internet link.
The Web cache keeps objects cached in memory and, on a LAN network share, caches Internet name (DNS)
lookups and implements negative caching of failed requests. Using the lightweight ICP (Internet Cache
Protocol), multiple Web caches can be arranged in a hierarchy or mesh. This mesh allows Web cache peers
to pull objects from each other's caches, further improving the performance of Web access for an
organization with multiple Internet gateways. The Web cache of the appliance can be configured to share
cached objects with, and access objects cached by, other Web caches (peers). Web caches communicate
using ICP. ICP is used to exchange hints about the existence of URLs in neighbor caches. Caches exchange
ICP queries and replies to gather information to use in selecting the most appropriate location from which
to retrieve an object. The messages transmitted by a cache to locate a specific object are sent to Sibling
caches, which are placed at the same level in the hierarchy. Then, the caches placed at the Parent level are
queried if the replies from sibling caches did not succeed. For information, see
Configuring Web Cache
Peers.
The Web cache can also be configured to pass off Web transaction requests or responses to a third-party
ICAP server for processing, using its ICAP client. This is typically used to integrate a third-party virus
scanning, content filtering, or a complete CSM solution. For information about ICAP, see
Configuring ICAP
client for Web
Cache. For information about Web Filtering, see
Disabling McAfee Web Gateway content
filtering.
Enabling the Web cache
Use this procedure to enable the Web cache. Allocating auxiliary storage for the cache either on the
network or locally is highly recommended. See
Allocating network storage for Web cache
and
Allocating
local USB storage for Web
caching.
The maximum amount of memory you can safely reserve depends on what other services the appliance has
running, such as VPN or a DHCP server. If you are using a Network Share or Local Storage, it is generally
best to set the Cache size to 8 Megabytes. Otherwise, start with a small cache (16 Megabytes) and
gradually increase it until you find a safe upper limit where the appliance can still operate reliably.
PAC file
As the onscreen instructions indicate, users on the LAN must configure their browsers using the PAC (Proxy
Automatic Configuration) file available at: http://192.180.0.1/proxy.pac.
Or, they can manually configure their proxy server settings to 192.168.0.1 on port 3128. For instructions,
see
Configuring browsers to use the Web
cache.
Note:
If you have any DMZ or Guest interfaces, non-LAN Bridges or multiple LAN interfaces, then the PAC file will
not work unless the network users have their default gateway set to the IP address of this UTM Firewall appliance.
In complicated network scenarios, you may need to manually edit the proxy.pac file for completeness and
reliability.
McAfee UTM Firewall 4.0.4 Administration Guide
133
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
