We need to be PCI compliant. PCI user VLAN is connecting to Internet via proxy, but I need confirmation about the location of the proxy.
PCI user traffic flow:
PC ==> ASA FW ==> IPS (integrated firewall) ==> proxy ==> Internet.
Is this correct? Can the traffic flow from directly proxy to Internet, or do we need to have that like below?
PC ==> ASA FW ==> IPS ==> proxy ==> firewall ==> Internet