Squid proxies and Linux baston hosts

Hello All,

I am from BSI, CSIR, Zscaler partners from Dublin, Ireland.

We would like to know what experience Zscaler have with Squid Proxies (http://www.squid-cache.org/) and Linux bastion hosts!

We have an prospective client who have an complex network structure and their policy states that the traffic has to be forwarded to a proxy (Squid proxy) before that can be forwarded to Zscaler.

So, we would like to know what solution have Zscaler have provided to clients with the same requirements and any other related information.

To the community, if you had any clients or yourself with similar experience, please do share your experiences and solutions!

I am looking forward for hearing an update soon!

Thanks.

Kind regards,
Harshad Ravichand, MBA.

Hi @harshadravichandbsi welcome to the Zscaler community.
It sounds like your customer requires proxy chaining to our Zscaler Internet Access service. Proxy chaining is a supported traffic forwarding method BUT it comes with a number of limitations that you should highlight to the prospective client. You can find more detail around different forwarding methods in this article:
https://help.zscaler.com/zia/best-practices-traffic-forwarding

I would recommend you make contact with your in region Zscaler sales team to explore your client requirements in more detail.

1 Like

Hi Nick,

Thanks for your quick response.

We are super aware of these links and have already used for the POC.

But, since our client network is complex there have been always some kind of issues whatsoever!

So, what I really want to know is the experiences that Zscaler had with other clients with similar issues/similar use of squid proxies/bastion hosts.

We really need the experiences and solutions of other Zscaler clients with similar situations.

The prospective client have a good number of users and they are going to buy Zscaler for small number of users and test, but they really want to know the stories so that they can make changes accordingly and implement Zscaler for all users efficiently and in a better way.

Our sales team are already dealing with the RSM’s, but we have not go what we want technically! - that’s the reason I posted it here :slight_smile:

I hope this gives you a clear information of what exactly we require!

Thanks.

Kind regards,
Harshad Ravichand, MBA.

Hi @harshadravichandbsi,

I have had experience with a large customer who did this, and while I can’t provide the specific customer name, it complicated things a great deal. As @racingmonk already pointed out, it’s possible and not ideal. If the squid proxies serve (a) particular function(s) (which in the case of my customer was as much a form of routing as anything else – definitely not ideal) it’s important to define those requirements and then show how Zscaler’s proxy architecture can best meet them.

What are the requirements for their squid proxies? I appreciate they will want other customer information but the best customer information to provide is showing how customers have moved away from legacy technology to that which enables proper digital transformation.

1 Like

Hi Thomas,

Thanks for the reply.

I understand it completely.

It is their company policy which states the traffic has to pass through a proxy (it can be any!) and then to Zscaler. During POC they were using Bluecoat proxy and had several issues - so they tried with Squid proxy - it worked partially with several issues.

This is why they want to know about what other customers did so that they can make changes accordingly.

What would you recommend? I think they can just change their company policy, but not sure that will be viable!

As an technical advisor, please tell me your recommendations - what would you recommend someone with this situation!

We have already spoken through emails ( I was supposed to attend an Architecture session along with you, but missed/attended Zenith Live) - you can also send me more information to my email - I will email you!

Thanks.

Kind regards,
Harshad Ravichand, MBA.

We do need to know why this policy exists and what they hope to accomplish with it. Please do feel free to reach out via email.

Sure, Thomas. I have emailed you in detail with customer’s response. Looking forward hearing from you soon.

Thanks.