Forward proxy support

This document provides guidance on how to configure and use forward proxy in ​Akamai​ ​Zero Trust Client​. The desktop client offers two primary methods for supporting forward proxy:

  1. Proxy set up manually in the OS
  2. Proxy Auto-Configuration (PAC) file support

If your organization uses a proxy server, you may want to route the Access network traffic through the proxy server for security, compliance, or network management purposes.

📘

​Zero Trust Client​ supports HTTPS proxy only.

Use the client with a manually configured proxy

This solution lets ZTC use the manually set up proxy settings of your operating system to route Access traffic through the proxy before it reaches EAA Cloud.

How to

  1. Enter your proxy details in the proxy settings of your operating system. Provide the server name or IP address, and port.
    1. To learn how to manually set up a proxy server connection on Windows, see the Microsoft Windows proxy documentation.
    2. To learn how to manually set up a proxy server connection on macOS, see the Apple macOS proxy documentation.
  2. Enable Remote Proxy in Zero Trust Client.

👍

You can use the FORWARD_PROXY install parameter to enable Remote Proxy in ZTC immediately after the client is installed. See the silent install instructions to learn more.

Use the client with a PAC file

This solution lets ZTC use the proxy server specified with the FORWARD_PROXY_URL install parameter, along with a PAC file specified in your OS proxy settings to route Access traffic through the proxy before it reaches EAA Cloud.

How to

  1. You need to modify your PAC file for it to work with ZTC. Reach out to your ​Akamai​ account support representative and ask for assistance.

    Here’s an example of how your PAC file may look like:

  function FindProxyForURL(url, host) {

  if (isInNet(dnsResolve(host), "192.0.2.24", "192.0.2.24") || isInNet(dnsResolve(host), "192.0.2.24", "192.0.2.24") || isInNet(host, "192.0.2.24", "192.0.2.24")) { return "DIRECT"; }
if (isInNet(host, "192.0.2.24", "192.0.2.24") || dnsDomainIs(host, "192.0.2.24") || dnsDomainIs(host, "192.0.2.24") || isInNet(host, "192.0.2.24", "192.0.2.24") || dnsDomainIs(host, "192.0.2.24") || dnsDomainIs(host, "192.0.2.24") || dnsDomainIs(host, "192.0.2.24") || dnsDomainIs(host, "192.0.2.24") || dnsDomainIs(host, "192.0.2.24")) { return "DIRECT"; }
if (url.startsWith("http:")) {return "PROXY 192.0.2.24:1; DIRECT;"}
if (url.startsWith("https:")) {return "PROXY 192.0.2.24:1; DIRECT;"}

  }

  1. Specify your PAC file URL in the OS proxy settings.
    1. To learn how to set up PAC on Windows, see the Microsoft Windows proxy documentation.
    2. To learn how to set up PAC on macOS, see the Apple macOS proxy documentation.
  2. Specify the FORWARD_PROXY and FORWARD_PROXY_URL parameters when installing the desktop client. See the silent install instructions to learn more.

Caveats

  • If you install the client with the FORWARD_PROXY_URL parameter specified, the client won’t use a manually set up proxy, even if it’s specified in the OS.
  • You need to specify the FORWARD_PROXY and FORWARD_PROXY_URL parameters to successfully set up PAC.
  • The client checks and applies your PAC file settings only once when the client is installed. If you'd like ZTC to honor new proxy settings, reinstall the client.