Enabling the proxy to use multiple IPs to connect upstream
search cancel

Enabling the proxy to use multiple IPs to connect upstream

book

Article ID: 166391

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The purpose of this article is to describe the steps required to make the proxy contact upstream servers using multiple source IPs.

Resolution

There are two ways to achieve the objective:

 
A) This is good for both transparent and explicit deployments
 
1) Configure the IPs you would like the proxy to use to send the traffic to the upstream as VIPs (virtual IPs) . To do this, go to Configuration -> Network -> Advanced ->VIPs. Click New and specify the IP that you designated as reflect IP (or source IP). Once done, click Apply to write the configuration.
 
2) Add a forwarding layer to your policy with the following rule/rules
Source: (client IP/ subnet) 
Destination: ANY
Action: reflect IP, chose the Proxy IP option, and then add one of the VIP you already configured on step 1.
 
3) You can add more rules as needed based user IP, subnets etc.
 
 
B) This scenario is good for explicit proxy only, and when you do not need the client IP/subnet to have a static IP reflection on the upstream.
 
1) Configure the IPs you would like the proxy to use to send the traffic to the upstream as VIPs (virtual IPs) . To do this, go to Configuration -> Network -> Advanced ->VIPs. Click New and specify the IP that you designated as reflect IP (or source IP). Once done, click Apply to write the configuration.
 
2) Configure the same number of VIP you did in step 1 as VIP on the internal interface on the proxy Interface.
 
3) add a forwarding layer to your policy with the following rule/rules
Source: Proxy IP Address/Port, and add the one of the VIPs on the internal proxy interface. 
Destination: ANY
Action: reflect IP, chose the Proxy IP option, and then add one of the VIP you already configured.
 
Add more rules as needed without repeating any of the VIPs (i.e. one VIP on the internal interface will reflect to one VIP on the external interface)
 
4) You will need to create DNS record for the proxy that has all the VIPs of the internal interface of the proxy.
 
5) Configure your clients to use the DNS name for the proxy to send the traffic.