Showing results for 
Search instead for 
Do you mean 
Reply
emB
Occasional Contributor
emB
Posts: 5
Registered: ‎03-26-2012
Accepted Solution

Cloud Proxy Server via corporate proxy server

Hello all,

I'm trying to test Centrify Express for Mobile in our environment and are struggling with our firewall guys to allow this server direct outbound access on 80/443.

 

I have attempted to get this going through our corporate proxy server using the "Microsoft Firewall Client" but unfortunately we are still running ISA 2004 and I eventually get the following error: "12156 The HTTP request includes a non-supported header".

 

We do have other new, non-Microsoft proxy servers, but there doesn't appear to be a way to tell the Cloud Proxy Server to use this.

 

Now for a few questions please:
1.Are there any plans for the Cloud Proxy Server to be proxy compatible? (a config option to tell the service to use a proxy).


2.Does anyone know if this would work via TMG using the TMG client?  And would this be supported?


3.Any other suggestions are welcome :-)

 

I feel this should be allow direct outbound access but I don't make these calls - a workaround is usually easier for us than dealing with our firewall team.

 

Thanks
M

Please use plain text.
Centrify
Raman
Posts: 291
Registered: ‎05-04-2011

Re: Cloud Proxy Server via corporate proxy server

Hi , 

 

Outbound TCP on 80 and 443 ports should be sufficient even with a webproxy on your network. But in your case since that is not being granted I can think of a few things we can try

 

1. If a web proxy is going to be present in the path we surely need to have something that support HTTP 1.1 traffic 

2. If you can convince your Firewall team we can give you the destination address and ports that need to be opened up from the Centrify Cloud Proxy server 

 

Regarding configuring the Centrify Proxy server to use a different Proxy in your network I will have to get back to you. I will also check on the TMG client and how it can be used. Surely something we havent tested yet.

 

If you think you will be able to validate 1 and 2, please reach out to me at raman.kumar@centrify.com and we will need to work offline and gather other information if you are still running into issues

 

thanks

Raman

Centrify Support

Please use plain text.
emB
Occasional Contributor
emB
Posts: 5
Registered: ‎03-26-2012

Re: Cloud Proxy Server via corporate proxy server

Raman,

 

thanks very much for the quick response.

 

  1. ISA 2004 does support HTTP 1.1 but being such an old product, something else is missing and it’s obviously just not up to the task – I will chase up our proxy team to see if they are looking at moving to TMG.
  2. If you could supply the destination addresses, I should be able to convince our firewall team to allow outbound access (at least for our trial to begin with).

 

Thanks again for the prompt response.

 

M

Please use plain text.
Centrify
Raman
Posts: 291
Registered: ‎05-04-2011

Re: Cloud Proxy Server via corporate proxy server

Sorry for the delay in getting back to you. I have sent you an offline message regarding this.

 

thanks

Raman 

Please use plain text.
emB
Occasional Contributor
emB
Posts: 5
Registered: ‎03-26-2012

Re: Cloud Proxy Server via corporate proxy server

Raman,

 

thanks for the information you emailed. I have tried various proxy options but didn't have much success in my environment due to our firewall rules.

 

Our firewall team have opened the required ports (for an eval) and everything is working fine now.

 

Thanks

Please use plain text.
Centrify
Raman
Posts: 291
Registered: ‎05-04-2011

Re: Cloud Proxy Server via corporate proxy server

Glad to hear its working now. 

 

thanks
Raman 

Please use plain text.
Centrify
Raman
Posts: 291
Registered: ‎05-04-2011

Re: Cloud Proxy Server via corporate proxy server

We have made a significant change with the 1.0.2-245 release ( current release ). There is now

improved connectivity between the Centrify Proxy Server and the Centrify Cloud Services in environments with web proxy servers utilizing HTTP 1.0. With this update there will be no need to open any outbound ports to connect to the Centrify Cloud Service except for TCP Outbound on ports 443 and 80.

 

If you had to open ports ( 935x outbound TCP ) earlier to get the communication working, this is not needed.

 

thanks

Raman

Centrify Support

Please use plain text.