Deploy SGOS IPv6 Proxy as an Explicit Forward Proxy Appliance in the Internet Gateway
search cancel

Deploy SGOS IPv6 Proxy as an Explicit Forward Proxy Appliance in the Internet Gateway


Article ID: 165635


Updated On:


Mobility Threat Protection ProxySG Software - SGOS


Corporate Internet service is IPv6 ready, but users have not yet upgraded their software and/or hardware to be able to connect using IPv6. As a result, content being served only on IPv6 Internet is inaccessible to the users, even though the Internet access is now IPv6 capable. 

Deploy SGOS IPv6 Proxy as an explicit forward proxy appliance in the Internet gateway. Users will be advised to configure an explicit proxy, or use a PAC file.  This is the simplest deployment scenari;  the down side to this is it requires either manual browser configurations, or the system administrator to manage the client’s machines. 



1. Configure ProxySG to have both IPv4 and IPv6 connectivity. See Deploy ProxySG as an IPv6 Transitional Device.

2. Enable “Explicit HTTP” proxy service:

  • #(config proxy-services) edit “Explicit HTTP”
  • #(config Explicit HTTP) intercept explicit 8080
  • #(config Explicit HTTP) intercept explicit 80

If the ProxySG contains multiple IP addresses and the user wants to control which IP address is used for explicit connection, you can substitute the “explicit” keyword with the ProxySG’s IP address:

#(config Explicit HTTP) intercept <sg-ip-address> 8080

3. Create policy to prefer IPv6 DNS lookup. This allows the ProxySG to use OCS’s IPv6 address if available:



The ProxySG configuration is complete at this point. The system administrator will need to make sure that users need to connect to the ProxySG explicitly to take advantage of the new service. This can be done either via manual configurations or PAC file:

Browser Configuration (Firefox)

This example assumes the users do not have IPv6 connectivity, so the HTTP proxy address is IPv4.  If the explicit proxy is used to provide IPv6 users access to IPv4 content, it is possible to use the proxy’s IPv6 address as an explicit proxy address:

System administrator may also choose to distribute a PAC file.