How to set up the proxy in a physically in-path deployment without an IP address on the bridge?

book

Article ID: 168528

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

If needing to set up an inline transparent proxy with a HW bridge.


The bridge is also configured not to have an IP on it.
 

Resolution

To set up a proxy in a physically in-path deployment without an IP address on the bridge, meet these conditions:

  • A management interface must be configured with an IP address. The proxy will use this IP address to perform various administrative tasks required for its operations on the network. For example, the proxy will use this IP address to do DNS lookups and reverse lookups depending on policies.
  • The proxy must be deployed in such a way that it intercepts both outbound and inbound traffic in your network.

Then, ensure that the proxy is configured with the following settings:

  • Set the bridge interface settings to FAIL_OPEN, so that the proxy can transparently bridge traffic in case of a failure.
  • Enable reflect client IP so that the IP address of the proxy  isn't used as the source IP address.
  • Enable trust destination IP to reduce the number of DNS lookups the proxy performs.
  • If there is no GW for Internet addresses, then pipelining must be disabled.