HTTP Proxy placement
16 years 8 months ago #25353
by Chojin
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
HTTP Proxy placement was created by Chojin
What is the best place to place your web-proxy server and why?
At the moment we have a Firewall with a webproxy server, but we are going to distinguish these from each other, so in the new Scenario we have a Firewall and a separate web-proxy.
Is it best to place the web-proxy server on a DMZ?
Is it best to place it on the internal side?
External side?
And most important... why?
Thanks for the time invested already.
16 years 8 months ago #25355
by TheBishop
Replied by TheBishop on topic Re: HTTP Proxy placement
On a DMZ.
Because
a) you don't want it external as you make it an easy target
b) you don't want it on your internal network as if it does get compromised it has easy access to the rest of your infrastructure
c) if you put it in a DMZ you have the opportunity to tie down the traffic permitted from the outside to the proxy server (i.e. just the stuff you want to proxy, block the rest) and from the proxy back through the firewall to the hosting server(s). Ideally these would be on a second, separate DMZ as well
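The layout from point c), modelled as a first-match firewall policy. This is an added example, not part of the original post; the zone names, addresses and ports are constructed. It lists which connections a proxy host could open when it sits in the DMZ versus on the internal segment.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

# Constructed addressing (documentation / private ranges), not from the thread.
ZONES = {
    "dmz_proxy": ip_network("192.0.2.0/28"),
    "dmz_hosting": ip_network("192.0.2.16/28"),
    "internal": ip_network("10.0.0.0/8"),
}
PROXY, WEB = "192.0.2.2", "192.0.2.18"

class Rule(NamedTuple):
    src_zone: str            # zone name or "any"
    dst_zone: str
    dst_ip: Optional[str]    # None = any host in the zone
    port: Optional[int]      # None = any port
    action: str

# Point c): only proxied ports inbound, only proxy -> hosting server onward.
RULES = [
    Rule("outside", "dmz_proxy", PROXY, 80, "permit"),
    Rule("outside", "dmz_proxy", PROXY, 443, "permit"),
    Rule("dmz_proxy", "dmz_hosting", WEB, 80, "permit"),
    Rule("any", "any", None, None, "deny"),
]

def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    return next((n for n, net in ZONES.items() if addr in net), "outside")

def evaluate(src: str, dst: str, port: int) -> str:
    """First-match verdict for a new connection from src to dst:port."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz:
        return "not-filtered"   # same segment: the firewall never sees it
    for r in RULES:
        if (r.src_zone in ("any", sz) and r.dst_zone in ("any", dz)
                and r.dst_ip in (None, dst) and r.port in (None, port)):
            return r.action
    return "deny"

def reachable(src: str, targets: list) -> list:
    """Targets (ip, port) that src can open a connection to."""
    return [t for t in targets if evaluate(src, t[0], t[1]) != "deny"]

if __name__ == "__main__":
    lan = [("10.0.0.20", 445), ("10.0.0.30", 3389), (WEB, 80)]
    print("proxy in DMZ     :", reachable(PROXY, lan))
    print("proxy on internal:", reachable("10.0.0.5", lan))
```

The `not-filtered` verdict is point b): traffic between two hosts on the same segment never reaches the firewall, so no rule can restrict it.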
16 years 8 months ago #25356
by Chojin
Replied by Chojin on topic Re: HTTP Proxy placement
External is indeed the last option you would like to consider...
For Internal and DMZ I am still doubting.
If I place my WebProxy on the DMZ my Firewall will receive a double amount of HTTP traffic, right?
I am not fully aware how much traffic we generate by browsing.
Isn't it safe enough to allow port 80 for the webproxy to go outside and no-one else? If so it would result in 50% less HTTP traffic crossing the firewall.
Thanks in advance.
16 years 8 months ago #25364
by TheBishop
Replied by TheBishop on topic Re: HTTP Proxy placement
Yes you could put the proxy on the internal network and reduce the traffic across the firewall by 50%. But any decent firewall should be able to handle that extra 50% with ease, and that's what firewalls are for - to give you the protection you need. Unless your user base is huge you're not talking about a lot of traffic
16 years 8 months ago #25365
by Chojin
Replied by Chojin on topic Re: HTTP Proxy placement
I guess it is a choice based on money, security and performance...
As you said, firewall should be more than able to have this load. Thanks for your point of view on this one.
Next step will be deciding which webproxy to place.
Thinking about a Bluecoat SG810