search cancel

Procedure to perform Proxy Chaining

book

Article ID: 174907

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Basic Configuration for Proxy Chaining

Resolution

Moving forward, the Proxy closest to the client is called the Child Proxy and the proxy upstream from the Child Proxy will be called the Parent Proxy

Steps on Child Proxy
First make sure the Proxy is set to intercept HTTP and HTTPS traffic
Open the GUI-->Configuration-->Services-->Proxy Services
if transparent set transparent port 80 and 443 to intercept
if explicit set explicit port 8080 or 80 to intercept

1) Create forwarding host
Open the GUI-->Configuration-->Forwarding-->Forwarding Host
Click New and give the host an Alias (name, reference HTTP or Port 80 in the name so we know this host is for HTTP)
Then enter the IP or hostname of the Parent Proxy and set the type to Proxy.
Then select HTTP: 80
Click OK
This is for HTTP

Next we want to do the same thing but for HTTPS
Click New, set the name(reference HTTPS or Port 443 in the name so we know this host is for HTTPS and host but for the type select Server
Then select HTTPS: 443 (do not select Verify SSL certificate)
click ok
then click apply to save changes

2) Now we want to create policy to send traffic to the Parent Proxy. On the Child Proxy open the VPM and add a forwarding layer
First we will create the rule for HTTP
Right click destination-->Set-->new-->Destination Host/Port. Set port to 80 and click add then click OK
Now set the action, right click-->set-->new-->Select forwarding.
On the left hand side, select the forwarding host you created for HTTP and click Add
then click ok and ok again

Now, we want to create the policy for HTTPs
Add a new rule, set the destination again like we did before but set the port to 443
Set the action like we did before but chose the HTTPS forwarding host and then install policy

Now, when the Child Proxy sends traffic upstream it will use its own IP address, meaning it will not reflect the clients IP address
You have two options
1) Configure Reflect Client IP

TECH242061

2)Enable x-forwarded-for
TECH242409


Now, on the Parent proxy we need to make sure the proxy is set to intercept traffic.
Open the GUI-->Configuration-->Services-->Proxy Services.
make sure transparent port 80 and port 443 are enabled and the proxy will not intercept traffic.

This is the basic configuration for proxy chaining.