Appliance Proxy Support

The RISC Networks Virtual Appliances require outbound communication from the customer environment to the RISC Networks Secure Cloud Environment (SCE).  In cases where all outbound communication from the customer environment is required to pass through a proxy, the Virtual Appliance can be configured with the proxy parameters for this communication.

The feature supports authenticating or non-authenticating HTTPS proxies. Currently, only the Basic authentication method is supported; Windows NTLM authentication is not supported.

In a FlexDeploy deployment, the RN150 and FlexDeploy appliances may both be configured to use a proxy for outbound communications to the SCE. However, communication between the RN150 and FlexDeploy appliances will not be proxied, and so must not require traversal of the proxy.

SSL/TLS decryption by the proxy is supported if the proxy presents a root or intermediate certificate that is trusted in the global PKI. Custom internal certificate chains are not currently supported.


Configuring the Virtual Appliances for Proxy Support

When the appliance is first booted up, it will attempt to utilize DHCP to obtain an IP configuration. It will then test communication with the RISC Networks SCE. If DHCP is not available or the communication with the SCE is not successful, the user will be presented with the Interfaces section of the appliance dashboard. This section allows the user to set or modify the IP configuration of the appliance. 

Browse to the Interfaces section of the appliance, then select the “Proxy” button. This will open the dialog for setting the proxy parameters. Once the parameters are set, select the “Submit” or “Apply” button to apply the configuration. The dialog can then be closed. To validate the communication with the SCE, the “Refresh” button can be selected, which will perform the communication validation and indicate the results of that test.

If the proxy settings need to be modified, the same steps should be performed. When the Proxy settings dialog is opened, the current proxy configuration will be displayed, and can be modified as necessary. Once the submit button is selected, the updated configuration will be applied, replacing the previous configuration.

If the "Proxy Address" field of the configuration dialog is empty when the form is submitted, the application will interpret this as a request to remove the proxy configuration, disabling proxy support. This can be utilized as an easy method of removing the configuration if the proxy is no longer needed or desired. Please be aware that removing the proxy configuration in an environment where the connection must be proxied may result in the appliance becoming unable to communicate with the RISC Networks SCE. Always be sure to select “Refresh” from the main Interfaces page after applying a change to the proxy to validate that the appliance can properly communicate.

Proxy Configuration Values

The proxy configuration dialog allows setting the following values:

  • Proxy Address
    • The IP address of the proxy server.
  • HTTP Port
    • The TCP port on which the proxy server accepts HTTP requests.
    • All communication to the SCE is conducted over HTTPS; however, to ensure full support for various proxy server configurations, this value is provided as well.
  • HTTPS Port
    • The TCP port on which the proxy server accepts HTTPS requests.
  • Username
    • The username to be used for authentication.
    • This should be left blank for non-authenticating proxies.
  • Password
    • The password to be used for authentication.
    • This should be left blank for non-authenticating proxies.

Troubleshooting Steps

If the appliance is unable to communicate with the RISC Networks SCE following the application of a proxy configuration, a support ticket can be opened through the web portal.

When opening a support ticket regarding the proxy feature, please provide the following information:

  • Proxy software in use, for example Squid 3.5.22
  • Whether an authenticating proxy is in use and, if so, what type of authentication
  • Any error messages shown in the appliance interface following an unsuccessful communication test
  • Any relevant information from the proxy software log
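
To answer the authentication-type question above before opening a ticket, the proxy's reply to a CONNECT request shows which schemes it demands. The following is an added example, not RISC Networks code: the function names, the placeholder host `sce.example.invalid` and the sample replies are assumptions constructed for illustration.

```python
import base64

SUPPORTED = {"basic"}  # per the page: Basic only; NTLM is not supported

def build_connect(host, port, username="", password=""):
    """CONNECT request for an HTTPS tunnel; blank username = no authentication."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if username:
        # Basic credentials are base64-encoded, not encrypted.
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def classify_proxy_reply(raw):
    """Return (verdict, offered_schemes) for a proxy's reply to CONNECT."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return "malformed", []
    code = int(parts[1])
    offered = []
    for line in header_lines:
        # Assumes one challenge per Proxy-Authenticate header line.
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate" and value.strip():
            offered.append(value.split()[0].lower())
    if 200 <= code < 300:
        return "tunnel-ok", offered
    if code == 407:
        usable = SUPPORTED & set(offered)
        return ("auth-required-basic" if usable else "auth-unsupported"), offered
    return f"refused-{code}", offered

# Constructed sample replies, not captured from a real proxy.
REPLY_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"
REPLY_BASIC = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
               b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n')
REPLY_NTLM = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
              b"Proxy-Authenticate: Negotiate\r\n"
              b"Proxy-Authenticate: NTLM\r\n\r\n")

if __name__ == "__main__":
    print(build_connect("sce.example.invalid", 443, "svc", "pw").decode())
    for reply in (REPLY_OK, REPLY_BASIC, REPLY_NTLM):
        print(classify_proxy_reply(reply))
```

A verdict of `auth-unsupported` together with the offered schemes is the detail to include in the support ticket.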