Explicit proxy setup - quick start guide
Workflow (summary of tasks) to allow clients to connect to a ProxySG explicitly.
Note: When prompted, it is usually best to NOT secure the console port, unless you are 100% sure you will not lose the password. Also, there is usually no need to restrict admin access by IP, unless you are 100% sure you will always access from the same range or IP address.
i. Ping the proxy from the client to check network connection, if ok then...
ii. Configure the proxy to intercept the traffic. Under Configuration > Services > Proxy Sservices - look for the port number the client browser is sending the requests on – by default 80 or 8080 and usually defined as “External HTTP”- and set it to “intercept”. This is the most basic configuration possible to have a working explicit proxy.
i. Authentication - Define authentication server (usually your DC) under Configuration > authentication > realms – see below for the required policy.
ii. ICAP content filtering – define the proxy AV or icap scanner IP under Configuration > External services > ICAP – see below for the required policy.
iii. Web page categorizer, like Blue Coat Web Filter, or Websense or any supported content filtering vendor. You must enable the provider and have a valid license to download the database so that you can create policy and lookup the category for a Web request. For the configuration options, see Configuration > Content filtering > General.
i. To authenticate users: Select Policy > Add Authentication layer > define source and destination (usually All), and action = force authenticate using the auth realm you created in 8.i.
ii. To send traffic for icap scanning: Select Policy > Add web content layer > action = send to icap scan, using the icap object defined under 8.ii
iii. Create a web access layer to allow traffic according to source, destination (probably using the website categories as per 8.iii), and then set the default action to Allow
iv. Set the default policy on the ProxySG to Allow requests. In the Management Console, Select Configuration > Policy > Policy options and set the Default Proxy Policy to Allow.
Rate this Page
Please take a moment to complete this form to help us better serve you.