To set up a proxy in a physically in-path deployment without an IP address on the bridge, meet these conditions:
- A management interface must be configured with an IP address. The proxy will use this IP address to perform various administrative tasks required for its operations on the network. For example, the proxy will use this IP address to do DNS lookups and reverse lookups depending on policies.
- The proxy must be deployed in such a way that it intercepts both outbound and inbound traffic in your network.
Then, ensure that the proxy is configured with the following settings:
- Set the bridge interface settings to FAIL_OPEN, so that the proxy can transparently bridge traffic in case of a failure.
- Enable reflect client IP so that the IP address of the proxy isn't used as the source IP address.
- Enable trust destination IP to reduce the number of DNS lookups the proxy performs.
- If there is no GW for Internet addresses, then pipelining must be disabled.