You can configure alternate proxy servers and split the selected web traffic to multiple proxy servers. When an alternate proxy server is down and primary is available, Client Proxy redirects all traffic to the primary proxy server. When a primary proxy server is down, Client Proxy redirects the traffic marked for alternate redirection to the alternate proxy server.
Before you begin
You must be logged on to the Trellix ePO, Trellix ePO, or the Trellix ePO server as an administrator.
When configuring the proxy server list, consider whether Client Proxy is deployed with Trellix ePO, Trellix ePO, or the Trellix ePO.
- On-premises — Configure at least one of the Web Gateway appliances installed on your network as the proxy server.
- In the cloud — Configure Skyhigh Security WGCS as the proxy server, using this format for the host name: c<customer_id>.saasprotection.com.
- Example: c12345678.saasprotection.com
NOTE: Before you can save the policy, you must provide the IP address or host name of at least one proxy server and a port number.
- From the main menu, select Policy > Policy Catalog.
- From the Products list, select the current version of Client Proxy.
- Click SCP Policy to view the policy list.
- Click Edit on the same row as the policy you want to configure.
- From the Client Proxy Settings menu, select Proxy Servers.
- Click the Alternate Proxy Server List tab.
- To specify how the software selects a proxy server from the list, select an option:
- connect to the first accessible Proxy Server based on their order in the list below — The software selects the next proxy server from the list that you configure.
- connect to the Proxy Server that has the fastest response time — The software selects the next proxy server from the list that it maintains, which is based on response time.
- To add proxy servers to the Proxy Server List, configure these settings, then click Add.
- Proxy Server Address — Specifies the IP address or host name of the proxy server.
- Proxy Port — Specifies the port number of the proxy server.
- HTTP/HTTPS — Select this checkbox to redirect traffic sent to ports 80 and 443 to a proxy server.
- Non-HTTP/HTTPS Redirected Ports — Specifies the port numbers of protocols other than HTTP/HTTPS whose traffic you want redirected. Verify that the proxy server supports these protocols. You can enter up to 1024 characters in this field.
- Select Enable Auto proxy switch over for Alternate Proxy, then specify a value for the Polling interval (in seconds) in this range: 10–3600 seconds. The recommended value is 60 seconds.
The auto-proxy switchover option is available only when you select connect to the first accessible Proxy Server based on their order in the list below.
- Click Save.
The alternate proxy servers list is saved with the policy.