For outbound connections to go through a web proxy server from the Unified Access Gateway to the desired host over the Internet, you must configure the Outbound Proxy Settings in the Unified Access Gateway Admin UI.

Unified Access Gateway does not support proxy server authentication.

In this release of Unified Access Gateway, the Outbound Proxy Settings are supported for the following outbound connections:
  • OPSWAT and the file server (used when the on-demand agent executable file is uploaded to Unified Access Gateway by using the URL Reference upload type). When outgoing traffic from Unified Access Gateway is for an OPSWAT host, then such a connection must first go through the web proxy server.
  • Workspace ONE Intelligence API calls (to fetch Workspace ONE Intelligence Risk Score or to post data to Workspace ONE Intelligence).
  • Packages repository when appliance package updates are configured.
  • Fetching JWT public key from a configured remote URL.
  • Fetching CRL/OCSP information during extended validation of backend server certificates.
  • Sending telemetry data to VMware when CEIP flag is enabled.

The following procedure describes the Outbound Proxy Settings configuration:

Procedure

  1. Log in to the Admin UI and in the Configure Manually section, click Select.
  2. Go to Advanced Settings > Outbound Proxy Settings and click the gear box icon.
  3. In the Outbound Proxy Settings window, click Add.
  4. Enter the following information:
    Option Default and Description
    Name Multiple proxy settings can be added in the Admin UI. This text box acts as a unique identifier for every proxy setting.
    Note: This text box is mandatory and cannot be updated.
    Proxy Server URL

    Outbound connections from Unified Access Gateway go through the proxy server, which is mentioned in this text box and then to the desired host over the Internet.

    Value of this text box must either be a hostname or an IP address prefixed with either HTTP or HTTPS.
    Proxy Included Host

    Outbound connections for the host mentioned in this text box must go through a proxy server from the Unified Access Gateway to the host over the Internet.

    Value of this text box must either be a hostname or an IP address. For example, if OPSWAT or the file server is the host, the corresponding hostname must be configured in this text box.
    Trusted Certificates
    • To select a certificate in the PEM format and add to the trust store, click +.
    • To remove a certificate from the trust store, click -.
    • To provide a different name, edit the alias text box.

      By default, the alias name is the filename of the PEM certificate.
  5. Click Save.