Deploy SGOS IPv6 Proxy as an Explicit Forward Proxy Appliance in the Internet Gateway

Solutions ID:    KB5181
Version:    2.0
Status:    Published
Published date:    06/27/2012
Updated:    07/23/2013

Problem Description


Corporate Internet service is IPv6 ready, but users have not yet upgraded their software and/or hardware to be able to connect using IPv6. As a result, content being served only on IPv6 Internet is inaccessible to the users, even though the Internet access is now IPv6 capable. 


Deploy SGOS IPv6 Proxy as an explicit forward proxy appliance in the Internet gateway. Users will be advised to configure an explicit proxy, or use a PAC file.  This is the simplest deployment scenari;  the down side to this is it requires either manual browser configurations, or the system administrator to manage the client’s machines.



  1. Configure ProxySG to have both IPv4 and IPv6 connectivity. See Deploy ProxySG as an IPv6 Transitional Device.
  2. Enable “Explicit HTTP” proxy service:
    #(config proxy-services) edit “Explicit HTTP”
    #(config Explicit HTTP) intercept explicit 8080
    #(config Explicit HTTP) intercept explicit 80

    If the ProxySG contains multiple IP addresses and the user wants to control which IP address is used for explicit connection, you can substitute the “explicit” keyword with the ProxySG’s IP address:
    #(config Explicit HTTP) intercept <sg-ip-address> 8080

  3.  Create policy to prefer IPv6 DNS lookup. This allows the ProxySG to use OCS’s IPv6 address if available:

The ProxySG configuration is complete at this point. The system administrator will need to make sure that users need to connect to the ProxySG explicitly to take advantage of the new service. This can be done either via manual configurations or PAC file:
Browser Configuration (Firefox)

This example assumes the users do not have IPv6 connectivity, so the HTTP proxy address is IPv4.  If the explicit proxy is used to provide IPv6 users access to IPv4 content, it is possible to use the proxy’s IPv6 address as an explicit proxy address:

System administrator may also choose to distribute a PAC file.

Network Diagram

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question