Managing Proxy Settings

Describes how to enable proxy services and run proxy services with and without restrictions.

Leave Feedback

Introduction

The gateway console https://<IP_address>:5480 is used for administrative configurations.

The gateway appliance runs Squid Proxy service by default. The proxy in gateway appliance helps bypass the the agent traffic via the gateway. All the agents behind the gateway connect to OpsRamp cloud via the gateway instead of a direct connection. Squid proxy service runs on port 3128.

Gateway proxy services allows you to run with or without restrictions. Using restrictions, you can avoid unauthenticated access. Modify the configuration at gateway console to allow access only to authenticated users, IPs, or URLs using the Squid proxy server at gateway.

Enabling and disabling proxy service

You can enable or disable proxy service either from the web interface or Serial UI.

OpsRamp console

To enable or disable proxy from the OpsRamp console:

  1. Log into the OpsRamp console at https://<ipaddress>:5480.
  2. Click Proxy Configuration.
  3. Click Stop to disable or Start to enable the Squid proxy service.

Command line interface

To enable or disable proxy,

  1. Log into OpsRamp Serial UI by using the SSH connection to the gateway IP.
  2. Use Arrow keys to navigate to Squid Proxy and hit Enter.
  3. Use Arrow keys to Enable or Disable the service and Save.

Running proxy services without restrictions

You cam start the proxy service without any restrictions. As a result, any agent can communicate via proxy without authentication or without any restriction.

To run proxy without restrictions:

  1. Log into gateway web user interface: https://:<5480>.
  2. From the left pane, click Proxy Configuration.
  3. Verify that the options of Without Credentials and No Restriction are selected for the following sections: Credentials, Inbound Restrictions, and URL or IP Restriction.
  4. Click Save to start the service without restrictions.

Running proxy services with restrictions

You can start the proxy service with restrictions. As a result, any agent connecting via proxy through the gateway is allowed only for the authenticated users, IPs, or URLs.

To run proxy with restrictions:

  1. Log into gateway web user interface: https://<ipaddress>:<5480>.
  2. From the left pane, click Proxy Configuration. The fields of Credentials, Inbound Restrictions, and URL or IP Restriction appear.
  3. For Credentials, perform the following steps:
    1. Select the option With Credentials. Select Without Credentials if you do not want to add credential restriction.
    2. Provide user name and password for Credentials and click Create to add a user who can have access.
      When credentials are provided, then the agent can communicate via proxy only with the user visible in the Allowed User list.
      Note: You can add only one user.
  4. For Inbound Restrictions, provide the following:
    1. Select Allow Specific IPs. Select No Restriction if you want to allow all IPs.
    2. Enter detail in Provide range of IP addresses and click + to add.
      The added IPs appear as Allowed IPs Range and are authenticated to access from the proxy server. For example, entering 192.168.0.1/24 allows 254 IPs from 192.168.0.1 to 192.168.0.254.
      Specify only one IP if you do not want to allow the whole subnet.
  5. For URL/IP Restriction, provide the following:
    1. Select Allow Specific URL/IP. Select No Restriction to allow all URL/IP addresses if you do not want to restrict.
    2. Enter detail for Provide URL/IP to allow access via proxy and click + to add.
      The added URL/IP appears as Allowed URL/IP. For example, if you specify api.opsramp.com, then only that URL is allowed to access via proxy. Other URL/IP addresses are not allowed.
  6. Click Save to apply the restrictions.