# Using a proxy server (HTTP Firewall) without ICS



## Dell_Boy (Jun 22, 2011)

Hi there everyone, :wave: this is my first post here.

Here is the scenario.

ADSL Hub > (Eth Port 0) Gateway Server Running Windows Server 2008 R2 (Eth Port 1) > Wireless router WRT54GL ~ Range Extenders ~ Client computers.

Key ">" = Ethernet. "~" = Wireless. 

We've a small network here with around 8 computers all connected via wifi, recently we've had the task of implementing the HTTP firewall SafeSquid on the Gateway server, to reduce traffic, and keep unwanted articles from being accessed. The Server also runs a few other networking services such as IIS. Everything on the network has static IP's except for the public IP address issued to the ADSL hub from the ISP. 

The gateway server is currently supplying it's internet to the rest of the network via the dreaded ICS. The problem is the Firewall works, but internet pages load very slow on the client computers. Now, I dont know if this is caused by the fact that ICS is being used or its the firewall itself thats causing the slow as before, there was no gateway server.

What I want to do is eliminate ICS from the mix here, but I dont know how to supply the rest of the network internet from the Server making sure that everything is passed through the SafeSquid firewall

What's the best way to go about this?

Thanks in advance.


----------



## Jay_JWLH (Apr 30, 2008)

The public IP address to which you are referring to is called the WAN. But it, and all other network connected devices ((W)LAN) have their own private addresses which in your case sounds very easy to handle. It shouldn't be difficult to use Windows Server as a DHCP server though, and let the client computers connect, thus receiving up to date IP address, subnet, and Gateway (to the Internet) information. The Gateway of course would be the same IP address that your server has on its ethernet port. If you wish to restrict them, you can limit new clients by their MAC address. That way any new computers that enter the network would have to be added to the list, or the restriction turned off temporarily.

Have you tested out any network diagnostics on your network yet? I can't think of any, nor really know of any, but I'm sure there are quite a few out there.
Start off by performing a speed test from one of your client computers, and then from within the server. Then try a ping test. There is one company using two websites that does these things. Then with those results, we can look at how bad it is. Also, is the server put under a lot of load processor wise?


----------



## Wand3r3r (Sep 17, 2010)

It is not recommended by MS to be running ICS on 2008. You are supposed to be using RRAS. You may find that works much better.'

You don't state what the server specs are. Lots of memory and fast drive(s) is key for 2008


----------



## Dell_Boy (Jun 22, 2011)

Hi guys thanks for the replies, been slow at getting back to you as had other commitments. We're running Server '08 R2 on a Dell PowerEdge T110 [Spec's: Xeon X3430 2.4Ghz, 2GB DDR3 RAM, x2 300GB WD VelociRaptors and x2 PCI Gigabit Ethernet Ports one for in and the other for out. I'm pretty new to Server '08, but was aware that ICS is not recommended. I'm not familiar with RRAS, since I'm only a hardware technician, but i've just been assigned the duty of network configuration since the last guy left without notice.

Diagnostics through ICS using speedtest.net without a proxy layer are fast as are those when routed through the proxy, however without the proxy the test page loads instantly, through the proxy the page takes upward of 30 seconds to load, if at all and thats with continual browser refreshes. The same goes for speedtest.bt.com. I'm beginning to suspect that the proxy software is the culprit but I'm not sure why. I've posted over on the safesquid forum but came up empty with regard to config on the proxy. I'm willing to to try any means necessary to enable the client computers to interact with the internet through the proxy at a reasonable speed. Can anyone recommend me another software package that will play nice with server '08? else I fear that we will be investing in a hardware firewall, which is obviously much better, but costly.


----------



## Wand3r3r (Sep 17, 2010)

2GB DDR3 RAM

those are workstation ram recommendations not server. My win7x64 wkst has 6gig for example. increase the ram to 4-6gig and you should see a major improvement.


----------



## Jay_JWLH (Apr 30, 2008)

Wand3r3r said:


> 2GB DDR3 RAM
> 
> those are workstation ram recommendations not server. My win7x64 wkst has 6gig for example. increase the ram to 4-6gig and you should see a major improvement.


I guess that depends on what the purpose of the server is. With the reaction speed of handling network requests at stake, I can definitely understand how limited RAM could impact the performance of any software, including that one.

Try this from the start menu, and see if you can post it here: perfmon /report
It should give some good information on the ongoing performance of your server.

What is the purpose of this server? Server with a Router role, network storage, and domain controller?


----------

