Exclude administrative downloads from matching Forwarding policy on ProxySG and ASG

book

Article ID: 169229

calendar_today

Updated On:

Products

Asset Management Solution Data Center Security Monitoring Edition Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

In a chaining proxy environment, how can downstream proxy administrative download traffic (such as WebFilter, CachePulse, Appliance Certificate Request, License Key Automatic Installation, et c.) be forced to go direct to the internet without being forwarded to an upstream Symantec ProxySG or Advanced Secure Gateway (ASG)?

Resolution

The following option will ensure a downstream proxy to connect directly to the Internet for administrative download

  1. From Management Console GUI, select Configuration tab > Forwarding > Forwarding Hosts > Global Defaults tab
  2. Configure the General Settings and uncheck the Use forwarding for administrative downloads option
  3. This option is enabled by default once the Forwarding host is created

The prerequisite is that the downstream ProxySG and ASG must be able to perform DNS lookup directly towards external Symantec domains.