Proxy Connect Only

When the agent is configured to work in Proxy Connect only mode, the agent performs periodic access checks every 60 seconds to several well-known web-sites for which the expected response is known, such as https://captive.apple.com/ and few others. The goal is to verify:

  • Direct access to the internet by sending request to these web-sites directly (ignoring any configured proxy on the endpoint).
  • Access these web-sites by forwarding the traffic to the Cloud Security Gateway (CSG proxy).

Based on the above access tests results, the agent determines the mode to operate.

Table 1. Operating Modes
Direct Internet Access Access Via CSG proxy Agent Mode of Operation Comments
OK OK Proxy Connect  
FAIL OK Proxy Connect 1
OK FAIL The configured fallback mode  
FAIL FAIL Open 2

Comments

  • When working on premises behind a firewall, it is possible that direct access to the internet is blocked, whilst access to the Cloud Security Gateway Proxy might be allowed.
  • When the endpoint is running behind a captive portal (such as in airports or hotels) then the agent would allow traffic to go as-is and reach the captive portal web-page. After the user submits captive portal information, the captive portal will open internet access and the periodic check results will change.