I've read through the Best Practices guide (Thanks for posting it) but I have a configuraiton question. I'd like to provision my new MWG appliances with a Send and a Recieve interface, but I don't want to implement the device in transparent mode. All my clients already have their proxy configuration set, so I'm ready to configure the gear in Direct Proxy mode. I just want to use one interface for traffic from the clients to the proxy, and another for requests from the proxy to the internet. A Direct proxy without a proxy-on-a-stick.
Has anyone had any luck with a configuration like this?
This is easily done by configuring the NICs with IP addresses on different subnets. The NIC that is your "Send" interface should be configured on the same subnet as the configured default gateway, which of course should not be reachable from the other NIC (the interface the clients talk to).