Create a Proxy Server element
Create a Proxy Server element that represents the proxy service.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Select Configuration, then browse to Network Elements.
- Browse to Servers.
- Select .
- Configure the settings.
- On the Services tab, configure the details of the service to which traffic is forwarded.
- Click OK.
Proxy Server Properties dialog box
Use this dialog box to change the properties of a Proxy Server.
Option | Definition |
---|---|
General tab | |
Name | The name of the element. |
Address | Enter the IPv4 or IPv6 address of the server. You can also add multiple IP addresses, separated by commas. Alternatively, you can enter an FQDN. |
Resolve | Automatically resolves the IP addresses of the server if you entered a domain name in the Name field. |
Location | Specifies the location for the server if there is a NAT device between the server and other SMC components. |
Balancing Mode | If multiple IP addresses or an FQDN is defined, you can select how traffic is balanced.
|
Contact Addresses |
|
Secondary IP Addresses (Optional) |
The NGFW Engine associates the secondary IP address to the correct element when the IP address is used as the source or
destination address in pass-through communications. Note: Secondary IP addresses are only used for routing and matching in Access rules. Do not add IP addresses of the
proxy server or service.
Click Add to add a row to the table, or Remove to remove the selected row. |
Category (Optional) |
Includes the element in predefined categories. Click Select to select a category. |
Tools Profile | Adds commands to the right-click menu for the element. Click Select to select an element. |
Comment (Optional) |
A comment for your own reference. |
Option | Definition |
---|---|
Services tab | |
Proxy Service Listening Port | The port that the NGFW Engine uses to communicate with the proxy service. This port is used for all protocols, unless
overridden in the Protocol-Specific Listening Ports section. The default port is 8080. |
Protocol-Specific Listening Ports | If you do not want to use the port defined in the Proxy Service Listening Port field for a particular
protocol, select the protocol, then enter the port to use.
|
Proxy Service |
|
Customer ID | (When the Proxy Service is Forcepoint Web Security Cloud) Enter the customer ID from the EasyConnect service that you created in Web Security Cloud. |
Key ID |
(When the Proxy Service is Forcepoint Web Security Cloud) Select a key ID from the EasyConnect service that you created in Web Security Cloud. It can take up to an hour for a password change to be fully propagated in Web Security Cloud. To avoid downtime when updating the password, there are multiple passwords that are automatically generated in Web Security Cloud, and each password has a key ID assigned. See the following example of use:
|
Password |
(When the Proxy Service is Forcepoint Web Security Cloud) Enter the password that matches the key ID from the EasyConnect service that you created in Web Security Cloud. By default, passwords and keys are not shown in plain text. To show the password or key, deselect the Hide option. |
Trust Host Header |
(When the Proxy Service is Generic Proxy) When selected, the host header is trusted.
Note: For security reasons, we recommend that you use this option only if both ends involved in the communication are trusted.
|
Add X-Forwarded-For Header | (When the Proxy Service is Generic Proxy) When selected, the X-Forwarded-For header is included in requests. This header reports the original source IP address of the client. |
Option | Definition |
---|---|
Monitoring tab | |
Log Server | The Log Server that monitors the status of the element. |
Status Monitoring | When selected, activates status monitoring for the device. You must also select the Probing Profile that contains the definitions for the monitoring. When you select Status Monitoring, the element is added to the tree in the Dashboard view. |
Probing Profile | Shows the name of the selected Probing Profile. Click Select to select a Probing Profile element. |
Log Reception | Activates syslog reception from this device. You must select the Logging Profile that contains the definitions for converting the syslog entries to SMC log entries. You must also select the Time Zone in which the device is located. By default, the local time zone of the computer you are using is selected. |
Logging Profile | Shows the name of the selected Logging Profile. Click Select to select a Logging Profile element. |
Time Zone | Selects the time zone for the logs. |
Encoding | Selects the character set for log files. |
SNMP Trap Reception | Enables the reception of SNMP traps from the third-party device. |
NetFlow Reception | Enables the reception of NetFlow data from the third-party device. The supported versions are NetFlow v5, NetFlow v9, and IPFIX (NetFlow v10). |
Option | Definition |
---|---|
NAT tab (All optional settings) |
|
Firewall | Shows the selected firewall. |
NAT Type | Shows the NAT translation type: Static or Dynamic. |
Private IP Address | Shows the Private IP Address. |
Public IP Address | Shows the defined Public IP Address. |
Port Filter | Shows the selected Port Filters. |
Comment | An optional comment for your own reference. |
Add NAT Definition | Opens the NAT Definition Properties dialog box. |
Edit NAT Definition | Opens the NAT Definition Properties dialog box for the selected definition. |
Remove NAT Definition | Removes the selected NAT definition from the list. |