How to set up Explicit SSL Forward Proxy with Authentication
search cancel

How to set up Explicit SSL Forward Proxy with Authentication


Article ID: 166494


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


Configure SSL forward proxy with authentication in an explicit deployment. (For a transparent deployment, see How to Set Up Transparent SSL Forward Proxy with Authentication.)

This solution requires SGOS 4.2 or higher.



Follow the high-level steps below to set up SSL forward proxy in an explicit deployment. For step-by-step instructions, please see the attached document.

  1. Create a keyring and define your certificate.
  2. Use VPM to create SSL policy:
    • Add an SSL Intercept Layer, specify an SSL Forward Proxy action, and select the keyring created in step 1 (optional). Instead you can leave this rule out if you only want the SG to "intercept on exception" (default action) such as when the request will be denied.
    •  Add an SSL Access Layer, set the Action to Disable Server Certificate Validation (optional). This rule is optional but mentioned here because many customers prefer to disable server certificate validation on the proxy since browsers also perform certificate validation and allow users to proceed if desired.
    • Install the policy.
  3. Import the certificate on all computers.
  4. Enable SSL detection for HTTP connection.
  5. Create a realm for the authentication protocol.
  6. Use VPM to create Web Authentication policy:
    •  Add a Web Authentication Layer. Enforce authentication by creating an Authenticate/Force Authenticate Action.  Mode=Proxy-IP or Proxy
    • Install policy.
  7. Import the ProxySG self-signed certificate into IE.



SSL Forward Proxy with Authentication.pd get_app