Forward Proxy

Forward Proxy is a clientless solution that traffic to a forward proxy server to provides secure internet access to web browsers. It is enabled only over an active VPN connection or over the WiFi in your office. It is disabled over your office LAN.

This feature is available only to customers in the Early Availability program.

Notes:

• The web browser traffic is directed through the forward proxy server regardless of whether the endpoint has the Harmony Connect Agent installed or not.

• Forward Proxy is supported only for web browsers. Not for applications that access internet.

Use Case

• If you want to migrate from an on-premise proxy server to a cloud An administrator approved Harmony Connect cloud location that processes the internet and corporate traffic.-based proxy server (Secure Web Gateway) without additional configuration.

• If you want a clientless solution for secure internet access for your web browsers.

• Better user experience with higher data speed compared to a solution with a client.

Prerequisite

• Kerberos An authentication server for Microsoft Windows Active Directory Federation Services (ADFS). authentication configured and the endpoint web browser must have access to its Key Distribution Center (KDC).

• A Proxy Auto-Configuration (PAC) file that contains the rules to redirect the web browser traffic to the forward proxy server. Click here for a sample PAC file to get started.

Enabling Forward Proxy

To enable forward proxy:

1. Go to Settings > Forward Proxy.

2. Select Enable forward proxy.

3. Under Kerberos Key, click Upload and upload the Kerberos certificate.

4. Under Proxy server FQDN, copy the FQDN and add to the PAC file.

5. Under Proxy.pac, click Upload and upload the PAC file.

   The URL of the PAC file appears under URL to proxy.pac. Copy the URL to clipboard.

6. Go to Policy > SSL Inspection.

7. Under Download Full Inspection Certificate, click Download Certificate.

   The system downloads the certificate.

8. Install the certificate on the endpoints under Trusted Root Certificate Authorities.

9. Use a Group Policy Object (GPO) to configure endpoints to use the proxy settings specified in the PAC file.

   • For Windows 10:

     1. Go to Settings > Network & Internet > Proxy.

     2. Turn on the Use set script toggle.

     3. In the Script address field, paste (copied in step 5) the URL of the PAC file.

     4. Click Save.

   • For macOS:

     1. Go to Apple menu > System Preferences > Network.

     2. Click Wi-Fi on the left pane and make sure that the Status is Connected.

     3. Click Advanced.

     4. Go to the Proxies tab.

     5. Under Select a protocol to configure, select Automatic Proxy Configuration.

     6. In the URL field Under Proxy Configuration File, paste (copied in step 5) the URL of the PAC file.

     7. Click OK.

     8. Click Apply.