Proxied connections
Most organizations have at least one proxied connection configured per policy. The proxied connection address is used to identify traffic from your organization’s egress IP address and, by default, apply the policy to that traffic.
Proxied connections:
- Are public-facing IP addresses, IP address ranges, or IP subnets for offices in your organization using the cloud service.
- Are often the external address of your Network Address Translation (NAT) firewall.
- May be appliances or edge devices configured on the page.
- Could include branch offices, remote sites, or satellite campuses.
Proxied connections are NOT:
- IP addresses of individual client machines.
- IP addresses outside your organization.
If you have several points of presence on the Internet, you can combine all of these under one policy, or have separate policies for each public-facing IP address.
Note: If you do not add any proxied connections to the policy, all users are treated as remote and must authenticate to use the service. In this case, the policy they use is determined by their
email domain. They see a service-wide Remote User Welcome page that is not configurable. Once logged on, they are served configurable notification pages from the customer account.