Configure an Upstream Proxy
Configure an Upstream Proxy
The appliance requires a connection to port 443 on config-<tenant hostname>.goskope.com and messenger-<tenant hostname>.goskope.com for management connectivity. If an upstream proxy is deployed in the network, and the port 443 traffic needs to be routed via a proxy, configure the proxy hostname and port. You can also set up authentication to manage the traffic that is sent to your proxy server.
Note
The domain names shown above and below apply to release 46 and higher. Using version 46 and later requires using the new domain names. For deployments on release 45 or lower, use config.goskope.com and messenger.goskope.com.
- To configure a proxy, enter these commands at the configuration prompt:
nsappliance(config)# set management-plane upstream-proxy-server hostname 10.136.210.17 nsappliance(config)# set management-plane upstream-proxy-server port 8080 nsappliance(config)# set management-plane upstream-proxy-server username <user-name> nsappliance(config)# set management-plane upstream-proxy-server password <password> Password: Confirm password: nsappliance(config)# save
You can setup authentication with your proxy only if the appliance is running in OPLP and/or CDPP modes.
If the proxy is configured to intercept SSL traffic, then you need to allowlist the traffic to
config-<tenant hostname>.goskope.comandmessenger-<tenant hostname>.goskope.com.It is also important to note that KMIP Forwarder tunnels KMIP traffic using SSH, which requires direct connectivity to
remotesvc-<tenant hostname>.goskope.comon port 22 and can’t be proxied at this time.Note
The domain name shown above applies to release 46 and higher. For deployments on release 45 or lower, use
remotesvc.goskope.com. - To save the proxy configuration, enter
saveat the configuration prompt.
