A proxy can be implemented in either explicit or transparent mode. Its deployment (logical location in the network) can be either in-line (bridge) or out-of-line. Since we are planning to move from explicit mode to transparent mode, various changes are required at both the network and security levels. Let's review the current network setup:
- The default route is pointing toward the firewall.
- The firewall is part of the Server Farm VLAN (wrong design).
- The proxies are configured to be inline: one leg in the server farm, the other leg directly to the internet (wrong design).
- All internal IPs are converted into one IP (many-to-one).
- Since it is explicit, the returning traffic will always come back to the proxy.
In the second part, I would go into the details of our target design, and how we would want our traffic to go.