Bloomberg application is not working via Transparent Proxy:
https://assets.bbhub.io/professional/sites/10/BBG_Network_Connectivity_Guide.pdf
TEST ENVIRONMENT:
The IP ranges and URLs below are not accessible via the proxy.
Documentation (PAGE10): https://assets.bbhub.io/professional/sites/10/BBG_Network_Connectivity_Guide.pdf
DOMAINS/SUBDOMAINS:
bloomberg.net
bloomberg.com
blpprofessional.com
btogo.com
IP RANGES:
69.187.16.0/20
69.187.32.0/19
69.187.72.0/21
69.191.176.0/20
69.191.192.0/18
103.251.205.0/24
160.43.250.0/24
160.43.251.0/24
160.43.252.0/24
160.43.253.0/24
205.216.112.0/24
206.156.53.0/24
208.22.56.0/24
208.22.57.0/24
PORTS:
UDP Destination Ports
48129-48137
TCP Destination Ports
8194-8198
8209-8220
8290-8294
CONFIGURATION OF BLOOMBERG APP:
Select SOCKS and enter the IP address of the proxy and port 1080.
CONFIGURATION ON PROXY:
1. Go to Configuration > Proxy Services > SOCKS.
2. Make sure that SOCKS is set to bypass on port 1080.
3. Create a Web Access Layer in the VPM called Bloomberg:
Source: <defined> or Any
Destination: Combined object that includes request urls:
Service: SOCKS
Action: Allow
4. Optional step: SOCKS compression may need to be disabled in some cases. The CPL policy should then include the line socks.accelerate(no). In the policy file, insert the following code:
<Proxy>
socks.accelerate(no)
CONFIGURATION WITH SOCKS AUTHENTICATION:
How to set up Bloomberg client with authentication - https://knowledge.broadcom.com/external/article/166490
########### Manual FULL BYPASS only on SGOS 7.3.x #########
######## TCP TUNNEL ########
ProxySG> enable
ProxySG# config t
ProxySG(config)# proxy-services
ProxySG(config proxy-services)# create tcp-tunnel BloombergTCP
ProxySG(config proxy-services)# edit BloombergTCP
add all 69.187.16.0/20 8194-8198 bypass
add all 69.187.32.0/19 8194-8198 bypass
add all 69.187.72.0/21 8194-8198 bypass
add all 69.191.176.0/20 8194-8198 bypass
add all 69.191.192.0/18 8194-8198 bypass
add all 103.251.205.0/24 8194-8198 bypass
add all 160.43.250.0/24 8194-8198 bypass
add all 160.43.251.0/24 8194-8198 bypass
add all 160.43.252.0/24 8194-8198 bypass
add all 160.43.253.0/24 8194-8198 bypass
add all 205.216.112.0/24 8194-8198 bypass
add all 206.156.53.0/24 8194-8198 bypass
add all 208.22.56.0/24 8194-8198 bypass
add all 208.22.57.0/24 8194-8198 bypass
add all 69.187.16.0/20 8209-8220 bypass
add all 69.187.32.0/19 8209-8220 bypass
add all 69.187.72.0/21 8209-8220 bypass
add all 69.191.176.0/20 8209-8220 bypass
add all 69.191.192.0/18 8209-8220 bypass
add all 103.251.205.0/24 8209-8220 bypass
add all 160.43.250.0/24 8209-8220 bypass
add all 160.43.251.0/24 8209-8220 bypass
add all 160.43.252.0/24 8209-8220 bypass
add all 160.43.253.0/24 8209-8220 bypass
add all 205.216.112.0/24 8209-8220 bypass
add all 206.156.53.0/24 8209-8220 bypass
add all 208.22.56.0/24 8209-8220 bypass
add all 208.22.57.0/24 8209-8220 bypass
add all 69.187.16.0/20 8228 bypass
add all 69.187.32.0/19 8228 bypass
add all 69.187.72.0/21 8228 bypass
add all 69.191.176.0/20 8228 bypass
add all 69.191.192.0/18 8228 bypass
add all 103.251.205.0/24 8228 bypass
add all 160.43.250.0/24 8228 bypass
add all 160.43.251.0/24 8228 bypass
add all 160.43.252.0/24 8228 bypass
add all 160.43.253.0/24 8228 bypass
add all 205.216.112.0/24 8228 bypass
add all 206.156.53.0/24 8228 bypass
add all 208.22.56.0/24 8228 bypass
add all 208.22.57.0/24 8228 bypass
add all 69.187.16.0/20 8290-8294 bypass
add all 69.187.32.0/19 8290-8294 bypass
add all 69.187.72.0/21 8290-8294 bypass
add all 69.191.176.0/20 8290-8294 bypass
add all 69.191.192.0/18 8290-8294 bypass
add all 103.251.205.0/24 8290-8294 bypass
add all 160.43.250.0/24 8290-8294 bypass
add all 160.43.251.0/24 8290-8294 bypass
add all 160.43.252.0/24 8290-8294 bypass
add all 160.43.253.0/24 8290-8294 bypass
add all 205.216.112.0/24 8290-8294 bypass
add all 206.156.53.0/24 8290-8294 bypass
add all 208.22.56.0/24 8290-8294 bypass
add all 208.22.57.0/24 8290-8294 bypass
ProxySG(config proxy-services)# exit
######## UDP TUNNEL ########
Only applicable to ProxySG 7.3.x branch
ProxySG> enable
ProxySG# config t
ProxySG(config)# proxy-services
ProxySG(config proxy-services)# create udp-tunnel BloombergUDP
ProxySG(config proxy-services)# edit BloombergUDP
add all 69.187.16.0/20 48129-48137 bypass
add all 69.187.32.0/19 48129-48137 bypass
add all 69.187.72.0/21 48129-48137 bypass
add all 69.191.176.0/20 48129-48137 bypass
add all 69.191.192.0/18 48129-48137 bypass
add all 103.251.205.0/24 48129-48137 bypass
add all 160.43.250.0/24 48129-48137 bypass
add all 160.43.251.0/24 48129-48137 bypass
add all 160.43.252.0/24 48129-48137 bypass
add all 160.43.253.0/24 48129-48137 bypass
add all 205.216.112.0/24 48129-48137 bypass
add all 206.156.53.0/24 48129-48137 bypass
add all 208.22.56.0/24 48129-48137 bypass
add all 208.22.57.0/24 48129-48137 bypass
ProxySG(config proxy-services)# exit
Then create a CPL Layer in your VPM Policy and paste the code:
; ################# BloombergClient FULL BYPASS START #################
; Allow TCP/UDP tunnel
<Proxy>
service.name="BloombergTCP" authenticate(no) ALLOW
service.name="BloombergUDP" authenticate(no) ALLOW
; Disables authentication via Proxy
<proxy>
condition=Bloombergclient authenticate(no) ALLOW
; Disables HTTP/2 for Websockets
<proxy>
condition=BloombergWebsockets http2.client.accept(no) http2.server.request(no)
; Disables protocol detection
<proxy>
condition=Bloombergclient detect_protocol(none)
; Disables http manipulation
<proxy>
condition=Bloombergclient http.client.persistence(no) http.server.persistence(no) bypass_cache(yes) http.request.version(1.0) http.response.version(1.0) server_url.dns_lookup(ipv4-only)
; Disables ICAP scanning
<cache>
condition=Bloombergclient request.icap_service(no) response.icap_service(no)
; Disables CACHE
<cache>
condition=Bloombergclient pipeline(no) cache(no)
; Disables SSL-Interception, packet inspection
<ssl-intercept>
condition=Bloombergclient ssl.forward_proxy(no)
; Disables validation of the server's SSL certificate
<SSL>
condition=Bloombergclient server.certificate.validate(no)
define condition Bloombergclient
; domains for Bloomberg client
url.domain="bloomberg.net"
url.domain="bloomberg.com"
url.domain="blpprofessional.com"
url.domain="btogo.com"
end condition Bloombergclient
define condition BloombergWebsockets
; domains for the websockets
client.connection.ssl_server_name.suffix=.bloomberg.net
client.connection.ssl_server_name.suffix=.bloomberg.com
client.connection.ssl_server_name.suffix=.blpprofessional.com
client.connection.ssl_server_name.suffix=.btogo.com
end condition BloombergWebsockets
; ################# BloombergClient BYPASS END #################
UDP bypass is only supported on the 7.3.x version of the proxy: https://knowledge.broadcom.com/external/article/225761/udp-support-on-proxysg.html
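
An added example, not part of the original article or any Broadcom tooling: a Python helper that regenerates the "add all ... bypass" listener lines from the ranges and ports on this page, so that typographic dashes pasted from a document cannot slip into the CLI, and that reports what the full bypass exempts from proxy inspection. All function names are hypothetical.

```python
import ipaddress

# Destination ranges and ports copied from the lists on this page.
RANGES = """69.187.16.0/20 69.187.32.0/19 69.187.72.0/21 69.191.176.0/20
69.191.192.0/18 103.251.205.0/24 160.43.250.0/24 160.43.251.0/24
160.43.252.0/24 160.43.253.0/24 205.216.112.0/24 206.156.53.0/24
208.22.56.0/24 208.22.57.0/24""".split()
# 8228 is used in the TCP listener block but is not in the PORTS list.
TCP_PORTS = ["8194-8198", "8209-8220", "8228", "8290-8294"]
UDP_PORTS = ["48129-48137"]

# Strict parsing raises ValueError on a mistyped CIDR (host bits set, bad mask).
NETS = [ipaddress.ip_network(r) for r in RANGES]


def listener_lines(ports):
    """Emit one listener line per (port spec, range), ASCII hyphens only."""
    return [f"add all {net} {spec} bypass" for spec in ports for net in NETS]


def is_clean_cli(line):
    """False if the line carries a non-ASCII character such as an en dash."""
    return line.isascii()


def port_in(spec, port):
    """True if port falls inside 'lo-hi' or equals a single-port spec."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def is_bypassed(proto, dst_ip, dst_port):
    """True if a flow would match one of the bypass listeners."""
    specs = TCP_PORTS if proto.lower() == "tcp" else UDP_PORTS
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in n for n in NETS) and any(port_in(s, dst_port) for s in specs)


def bypass_scope():
    """Count of destination addresses the bypass exempts from inspection."""
    return sum(n.num_addresses for n in NETS)


if __name__ == "__main__":
    print("\n".join(listener_lines(TCP_PORTS) + listener_lines(UDP_PORTS)))
    print("addresses exempt from inspection:", bypass_scope())
```

is_bypassed() can be run over destination IP, port and protocol fields taken from firewall or proxy logs to confirm that only the intended flows reach the bypass listeners.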