Guides
Log In
Guides

Forward Proxy

Suggest Edits

Forward proxy deployment uses an intermediary that sits between users and any resource or application. The proxy provides advanced network protection filtering and blocking access. The most common use cases of forward proxies are solutions that block groups from accessing malicious websites from a company’s devices so that the enterprise’s network is protected. Secure Web Gateways (SWG) are examples of forward proxies that provide advanced network protection by filtering and blocking access to websites (see Secure Web Gateway for additional information). The proxy server hides an enterprise's address or domains from public view and allows admins to control which groups can have access to specific websites.

Using SWG alone requires proxy server configuration on every device. Cyolo's solution integrates forward proxies, creating a relationship between identities and the proxies through which they are permitted to access.

The prerequisite for this feature is activation of Cyolo Connect on every device. In order for the forwarding proxy solution to work, users must be working on a device with Cyolo Connect agent installed and running.

This feature is configured on the Integration > Forward Proxy screen.

  1. Click Add to add a new integration.

  1. When selecting Automatic proxy setup, you can either select the URL Address tab and enter the URL where the PAC sits, or select the File Upload tab and upload the proxy configuration file (PAC). You cannot select both. When selecting Manual proxy setup, you will be prompted to enter the web proxy for HTTP/S and select the site where the proxy sits. Note that both HTTP and HTTPS need to be completed in manual mode.

  2. The (optional) Proxy Settings area provides the option of entering HTTP/S sites that skirt the policy and enables you to identify the user against the proxy.

    • In the Bypass tab, enter the IP address for the websites that are intended to bypass the proxy settings (Mac example: *.local,169.254/16; Windows example: localhost).

    • In the Headers tab, the authentication token includes the identity of users and this token is placed in the Header Name field. The token includes the groups to which the user belongs. 
The groups that are sent in the token is a cross section of the groups that a user is a member of and the groups that are included in this section of the proxy. All Groups is selected by default and includes all of the groups and users that are configured under identities. For example, if User X is a member of 5 groups, all of User X’s groups will be in the token forwarded to the proxy. If you de-select All Groups, you will be offered the option of pinpointing specific groups to be included in the token that is forwarded to the proxy. For example, if User X belongs to Group A, and you selected Group A, B and C, only Group A will be sent.

Updated 3 days ago