Technical Library
|
Support
Transparent Proxy and ARM
Transparent Proxy and ARM
Help | Content Gateway | Version 8.1.x
The transparent proxy option enables Content Gateway to respond to client Internet requests without requiring users to reconfigure their browsers. It does this by redirecting the request flow to the proxy after the traffic has been intercepted, typically by a Layer 4 (L4) switch or router.
In a transparent proxy deployment:
1.
The proxy intercepts client requests to origin servers via a switch or router. See
Transparent interception strategies
.
2.
The Adaptive Redirection Module (ARM) changes the destination IP address of an incoming packet to the proxy's IP address and the destination port to the proxy port, if different. (The ARM is always enabled.)
3.
The proxy receives and begins processing the intercepted client requests. If a request is a cache hit, the proxy serves the requested object. If a request is a miss, the proxy retrieves the object from the origin server and serves it to the client.
4.
On the way back to the client, the ARM changes the source IP address to the origin server IP address and the source port to the origin server port.
Important
For transparent proxy configurations with multiple interfaces or gateways, Content Gateway must have proper routes to clients and the Internet in the operating system's routing table.
For HTTP, the proxy can identify problem clients and servers, and the ARM can disable interception for those clients and servers, passing their traffic directly to the origin server. You can also create ARM static bypass rules to exempt clients and servers from being redirected to the proxy. See
Interception bypass
.
Related topics:
Transparent interception strategies
Interception bypass
Connection load shedding
Reducing DNS lookups
IP spoofing
Support for IPv6
Transparent Proxy and ARM
Copyright 2016 Forcepoint LLC. All rights reserved.