A selective proxy analyzes risky web traffic. It examines the domain and full URL of each request to determine whether the request is risky.
This graphic illustrates how the proxy functions in a network:
This graphic does not illustrate how ETP Proxy behaves when it's configured on a network with an on-premises proxy.
The corporate resolver forwards requests to ETP. Requests are forwarded to the ETP network in the closest geographical region. When Selective Proxy is set as the operating mode or as the mode for mobile traffic in a policy, ETP DNS directs requests to ETP Proxy. The IP address of the ETP proxy server is then cached in the resolver and all suspicious traffic is forwarded to the proxy.
With the selective proxy, ETP Threat Intelligence detects that a domain contains a suspicious URL. Traffic to risky domains is sent to ETP Proxy. However, only specific known threat URLs are blocked, monitored, or analyzed in accordance with the established policy. If a website is not a suspected threat or its category is assigned the Bypass action, it bypasses the proxy. For example, in the graphic above, the safe website is not inspected by the ETP proxy and the request is resolved.
A number of checks are performed to determine how suspicious traffic is handled:
ETP confirms that the request comes from an IP address that is registered as a location for your organization. If the IP address is unknown, the request is dropped.
If the IP address is known, the destination port is checked to confirm that port 443 or 80 is used. If these ports are not used, traffic is dropped.
For port 443, the TLS Server Name Indication (SNI) value is extracted and ETP connects to the origin server with that hostname.
For port 80, traffic is likely HTTP. ETP extracts the hostname from the Host header in the HTTP request.
If the hostname cannot be extracted or identified, the end user is shown an error page.
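The checks above can be modeled as a small decision function. This is an added example, not Akamai's code: it parses the SNI from a TLS ClientHello and the Host header from an HTTP request, and returns the outcome the page describes for each case. The names `REGISTERED_LOCATIONS`, `classify`, `sni_from_client_hello`, `host_from_http` and `sample_client_hello`, the documentation-range addresses, and the sample payloads are all assumptions constructed for illustration.

```python
import ipaddress
import struct

REGISTERED_LOCATIONS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed location
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"      # constructed request

def sni_from_client_hello(data):
    """Return the SNI host name from a TLS ClientHello record, or None."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:  # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                     # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                     # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]  # cipher suites
        pos += 1 + data[pos]                     # compression methods
        pos, end = pos + 2, pos + 2 + struct.unpack_from("!H", data, pos)[0]  # extensions
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            pos += 4
            if ext_type == 0 and data[pos + 2] == 0:  # server_name, type host_name
                n = struct.unpack_from("!H", data, pos + 3)[0]
                name = data[pos + 5:pos + 5 + n]
                return name.decode("ascii") if n and len(name) == n else None
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass  # truncated or malformed input: treat as "hostname not extracted"
    return None

def host_from_http(data):
    """Return the Host header value from a plaintext HTTP request, or None."""
    for line in data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"host" and value.strip():
            return value.strip().decode("latin-1")
    return None

def classify(src_ip, dst_port, payload):  # checks in the order the page lists them
    if not any(ipaddress.ip_address(src_ip) in net for net in REGISTERED_LOCATIONS):
        return ("drop", "unknown source IP")
    if dst_port not in (80, 443):
        return ("drop", "port is not 80 or 443")
    host = sni_from_client_hello(payload) if dst_port == 443 else host_from_http(payload)
    return ("proxy", host) if host else ("error_page", "hostname not extracted")

def sample_client_hello(host):  # constructed minimal ClientHello with only an SNI extension
    name = host.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    return b"\x16\x03\x01" + struct.pack("!H", len(body) + 4) + b"\x01" + len(body).to_bytes(3, "big") + body
```

A ClientHello without an SNI extension, a truncated one, or plaintext sent to port 443 all fall into the "hostname not extracted" branch, which is the error-page case in the list above.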
If your network already contains an on-premises proxy, the ETP proxy can work with the internal proxy without requiring significant changes to your network. For more information, see Support of an on-premises HTTP forward proxy.