You can control client access to Content Gateway by specifying ranges of IP addresses that are allowed to connect to the proxy. If Content Gateway receives a request from an IP address not listed in a specified range, it discards the request. See Controlling client access to the proxy.

If you do not know the ranges of client IP addresses allowed to access Content Gateway, you can add rules to the ipnat.conf file on the Configure > Networking > ARM > General tab in the Content Gateway manager so that only requests that have been redirected by your Layer 4 switch or WCCP router reach the proxy port.

If your Content Gateway system has multiple network interfaces or if you configure the Content Gateway operating system to use virtual IP addresses, you can give Content Gateway 2 IP addresses. One address must be the real address that the proxy uses to communicate with origin servers and the other a private IP address (for example 10.0.0.1) for WCCP or switch redirection. After you configure the IP addresses, you must add the following variables to the end of the records.config file. Replace <private_ipaddress> with the private IP address used for WCCP or switch redirection and <real_ipaddress> with the IP address the proxy uses to communicate with origin servers.