The gateway console https://<IP_address>:5480 is used for administrative configurations.

The proxy in gateway appliance helps bypass the the agent traffic using the gateway. All the agents behind the gateway connect to the cloud using the gateway instead of a direct connection. Squid proxy service runs on port 3128.

Gateway proxy services allows you to run with or without restrictions. Using restrictions, you can avoid unauthenticated access. Modify the configuration at gateway console to allow access only to authenticated users, IPs, or URLs using the Squid proxy server at gateway.

By default, Squid Proxy service is in stopped state.

Enable and disable proxy service

You can enable or disable proxy service from the gateway Web user interface or from a Serial user interface.

Enable/disable proxy from the console

  1. Log into the console at https://<ipaddress>:5480.
  2. Click Proxy Configuration.
  3. Click Stop to disable the proxy. Click Start to enable the Squid proxy service.

Enable/disable proxy from the command line

  1. Log into the serial UI by using the SSH connection to the gateway IP.
  2. Use Arrow keys to navigate to Squid Proxy and hit Enter.
  3. Use Arrow keys to Enable or Disable the service and Save.

Disabling proxy services on the gateway impacts agents that are connecting using proxy.

Run proxy services without restrictions

You cam start the proxy service without any restrictions. As a result, any agent can communicate using proxy without authentication or without any restriction.

  1. Log into gateway web user interface: https://:<5480>.
  2. From the left pane, click Proxy Configuration.
  3. Verify that the options of Without Credentials and No Restriction are selected for the following sections: Credentials, Inbound Restrictions, and URL or IP Restriction.
  4. Click Save to start the service without restrictions.

Run proxy services with restrictions

You can start the proxy service with restrictions. As a result, any agent connecting using proxy through the gateway is allowed only for the authenticated users, IPs, or URLs.

  1. Log into gateway web user interface: https://<ipaddress>:<5480>.
  2. From the left pane, click Proxy Configuration. The fields of Credentials, Inbound Restrictions, and URL or IP Restriction appear.
  3. For Credentials, do the following steps:
    1. Select the option With Credentials. Select Without Credentials if you do not want to add credential restriction.
    2. Enter user name and password for Credentials and click Create to add a user who can have access.
      When credentials are provided, the agent can communicate using proxy only with the user visible in the Allowed User list.
      You can add only one user.
  4. For Inbound Restrictions, enter:
    1. Select Allow Specific IPs. Select No Restriction if you want to allow all IPs.
    2. Enter detail in Provide range of IP addresses and click + to add.
      The added IPs appear as Allowed IPs Range and are authenticated to access from the proxy server. For example, entering 192.168.0.1/24 allows 254 IPs from 192.168.0.1 to 192.168.0.254.
      Specify only one IP if you do not want to allow the whole subnet.
  5. For URL/IP Restriction, enter:
    1. Select Allow Specific URL/IP. Select No Restriction to allow all URL/IP addresses if you do not want to restrict.
    2. Enter detail for Provide URL/IP to allow access using proxy and click + to add.
      The added URL/IP is displayed as Allowed URL/IP. For example, if you specify api.opsramp.com, only that URL is allowed to access using proxy. Other URL/IP addresses are not allowed.
  6. Click Save to apply the restrictions.

If you want to use the default gateway proxy configuration, click Reset.