Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Transparent Proxy and ARM > Transparent interception strategies > Configuring Content Gateway to serve only transparent requests
Configuring Content Gateway to serve only transparent requests
Help | Content Gateway | Version 8.1.x
You can configure Content Gateway to serve only transparent requests and prevent explicit proxy requests from being served in the following ways:
*
*
If you do not know the ranges of client IP addresses allowed to access Content Gateway, you can add rules to the ipnat.conf file (Configure > Networking > ARM > General) so that only requests that have been redirected by your Layer 4 switch or WCCP router reach the proxy port.
To make a transparent-only Content Gateway server, add rules in the ipnat.conf file before the normal redirect service rule to redirect explicit proxy traffic to a port on which no service is listening. For example, if you want Content Gateway to ignore explicit HTTP requests, add rules above the normal HTTP redirect rule in the ipnat.conf file as shown below (where ipaddress is the IP address of your Content Gateway system and port_number is a port number on which no service is listening):
rdr hme0 ipaddress port 80 -> ipaddress port port_number tcp
rdr hme0 ipaddress port 8080 -> ipaddress port port_number tcp
rdr hme0 0.0.0.0/0 port 80 -> ipaddress port 8080 tcp
Add equivalent rules to the ipnat.conf file for each protocol service port or separate network interface to be served. After you make changes to the ipnat.conf file, you must restart the proxy.
*
LOCAL proxy.local.incoming_ip_to_bind STRING private_ipaddress
LOCAL proxy.local.outgoing_ip_to_bind STRING real_ipaddress

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Transparent Proxy and ARM > Transparent interception strategies > Configuring Content Gateway to serve only transparent requests
Copyright 2016 Forcepoint LLC. All rights reserved.