Go to the table of contents Go to the previous page Go to the next page
Content Gateway Deployment > Chaining Content Gateway with other proxies
Chaining Content Gateway with other proxies
Deployment and Installation Center | Forcepoint Web Security
 
Blue Coat ProxySG
You can configure the Blue Coat proxy to send X-Forwarded-For and X-Authenticated-User headers for Content Gateway to read either by manually editing a policy text file or defining the policy in a Blue Coat graphical interface called Visual Policy Manager.
Note that for Blue Coat to service HTTPS requests properly with the following setup, you must have a Blue Coat SSL license and hardware card.
Editing the local policy file
In the Blue Coat Management Console Configuration tab, click Policy in the left column and select Policy Files. Enter the following code in the current policy text file, using an Install Policy option:
<Proxy>
action.Add[header name for authenticated user](yes)
 
define action dd[header name for authenticated user]
set(request.x_header.X-Authenticated-User, "WinNT://$(user.domain)/$(user.name)")
end action Add[header name for authenticated user]
 
action.Add[header name for client IP](yes)
 
define action dd[header name for client IP]
set(request.x_header.X-Forwarded-For,$(x-client-address))
end action Add[header name for client IP]
Using the Blue Coat graphical Visual Policy Manager
Before you configure the Blue Coat header policy, ensure that NTLM authentication is specified in the Blue Coat Visual Policy Manager (Authentication > Windows SSO). Set Content Gateway as the forwarding host (in the Blue Coat Management Console Configuration tab, Forwarding > Forwarding Hosts).
In the Blue Coat Management Console Configuration tab, click Policy and select Visual Policy Manager. Click Launch and configure the header policy as follows:
1.
In the Policy menu, select Add Web Access Layer and enter an appropriate policy name in the Add New Layer dialog box.
2.
Select the Web Access Layer tab that is created.
3.
4.
5.
Click New in the Set Action Object dialog box and select Control Request Header from the menu.
6.
7.
Enter X-Forwarded-For in the Header Name entry field.
8.
Select the Set value radio button and enter the following value:
$(x-client-address)
9.
10.
Click New and select Control Request Header again.
11.
12.
Enter X-Authenticated-User in the Header Name entry field.
13.
Select the Set value radio button and enter the following value:
WinNT://$(user.domain)/$(user.name)
14.
15.
Click New and select Combined Action Object from the menu.
16.
17.
18.
19.
Click Install Policy in the Blue Coat Visual Policy Manager.
Microsoft Forefront Threat Management Gateway (TMG)
Microsoft Forefront TMG can be used as a downstream proxy from Content Gateway via a plug-in from Forcepoint. This plug-in allows Content Gateway to read the X-Forwarded-For and X-Authenticated-User headers sent by the downstream Forefront TMG.
The Websense-AuthForward.TMG_Plugin-64.zip file is available on the Downloads page of your forcepoint.com account.
1.
Navigate to forcepoint.com and click My Account to log in.
2.
Select the Downloads tab.
3.
4.
In the list, expand TMG 64-bit plugin... to see the download details. Click the download link to start the download.
Install a plug-in:
1.
*
*
*
2.
From the command prompt, type:
regsvr32 Websense-AuthForward.dll
3.
Verify the plug-in was registered in the Forefront TMG management user interface (Start > Programs > Microsoft Forefront TMG > Microsoft Forefront TMG Management). In the System section, select Add-ins, then click the Web-filter tab. The WsAuthForward plug-in should be listed.
To uninstall the plug-in, in Forefront TMG installation directory run the following command in a Windows command prompt.
regsvr32 /u Websense-AuthForward.dll

Go to the table of contents Go to the previous page Go to the next page
Content Gateway Deployment > Chaining Content Gateway with other proxies
Copyright 2023 Forcepoint. All rights reserved.