If your organization already uses an HTTP forward proxy, such as a Data Leakage Prevention or a Unified Threat Management appliance to protect your network, the SIA proxy can coexist with these solutions.
If your organization is licensed for SIA Advanced Threat and you want to configure SIA Proxy as a full web proxy, you can direct traffic from the on-premises proxy to SIA Proxy. For more information, see Full web proxy.
In the case where the on-premises proxy performs TLS verification and decryption, you need to configure your organization's proxy to accept traffic from SIA Proxy, which also performs TLS decryption and resigns the traffic with its own certificates. This is done by configuring the on-premise proxy to trust the same MITM TLS certificates as computers in your organization. For instructions on how to add additional trusted root certificate to the existing proxy server, see the documentation of your on-premise proxy solution.
Most on-premise proxies allow you to send the X-Forwarded-For (XFF) header to the downstream proxy. SIA captures this HTTP header for threat events. You can view the internal IP address of the client computer in the Request Headers information that's reported on the Event Details window of the HTTP or HTTPS threat event. This data is available on the Details subtab of the Event Details window.
This graphic shows the flow in a network that contains an on-premises proxy. As shown, the proxy forwards traffic to the SIA proxy:
The security connector uses an internal IP address in the internal network. When instructed, the user's browser contacts Security Connector directly. As a result, requests bypass the local proxy.
Updated about 2 years ago