Configure an Upstream Proxy
Configure an Upstream Proxy
The appliance requires a connection to port 443 on config-<tenant-URL>
and messenger-<tenant-URL>
for management connectivity. If an upstream proxy is deployed in the network, and the port 443 traffic needs to be routed via a proxy, configure the proxy hostname and port. You can also set up authentication to manage the traffic that is sent to your proxy server.
- To configure a proxy, enter these commands at the configuration prompt:
nsappliance(config)# set management-plane upstream-proxy-server hostname 10.136.210.17 nsappliance(config)# set management-plane upstream-proxy-server port 8080 nsappliance(config)# set management-plane upstream-proxy-server username <user-name> nsappliance(config)# set management-plane upstream-proxy-server password <password> Password: Confirm password: nsappliance(config)# save
You can setup authentication with your proxy only if the appliance is running in OPLP and/or CDPP modes.If the proxy is configured to intercept SSL traffic, then you need to allowlist the traffic to
config-<tenant-URL>
andmessenger-<tenant-URL>
.It is also important to note that KMIP Forwarder tunnels KMIP traffic using SSH, which requires direct connectivity toremotesvc-<tenant-URL>
on port 22 and can’t be proxied at this time. - To save the proxy configuration, enter
save
at the configuration prompt.