The ARM

Technical Library | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Transparent Proxy and ARM > The ARM

Help | Content Gateway | Version 8.3.x

The ARM inspects incoming packets before a routing decision is made and redirects the packets to Content Gateway for processing.

The ARM component utilizes iptables, policy routing, and transparent sockets which are configured during product installation. The installation program also creates redirection rules to intercept packets. The ARM is always active.

For the proxy to serve HTTP, HTTPS, FTP, or DNS requests transparently, you must check the redirection rules in the ipnat.conf file and edit them if necessary. If you are using WCCP for transparent interception, there must be a redirection rule for every port in every active service group. Rules for standard ports are included by default. To view and work with ARM redirection rules, follow the these steps.

1.

Log on to the Content Gateway manager and go to Configure > Networking > ARM > General.

The Redirection Rules section displays the redirection rules in the ipnat.conf file. Check the redirection rules and make any needed changes.

a.

To change a redirection rule, click Edit File to open the configuration file editor for the ipnat.conf file.

b.

Select the rule you want to edit and modify the appropriate fields. Click Set and then click Apply to apply your changes. Click Close to exit the configuration file editor.

All fields are described in ARM.

2.

Click Restart on Configure > My Proxy > Basic > General.

Configuring a firewall with ARM

The ARM module uses a firewall. To facilitate interception and redirection of traffic:

IPTables rules are configured during installation and upgrade of Content Gateway.

Forcepoint IPTables chains are inserted.

Forcepoint IPTables rules are also inserted into existing chains.

Forcepoint chains and rules use "NC_" as a prefix for identification purposes.

IPTables rules configured outside of Content Gateway Manager must

Be inserted after Forcepoint rules.

Never be added to Forcepoint chains.

Forcepoint chains and rules should never be edited.

If customized chains or rules impact the Forcepoint configuration, navigate to the bin directory (/opt/WCG/bin) and execute the following:

netcontrol.sh -r

This will re-establish the Forcepoint IPTables chains and rules.

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Transparent Proxy and ARM > The ARM

Copyright 2016 Forcepoint LLC. All rights reserved.