Cloud Proxy Server via corporate proxy server
03-29-2012 10:08 PM
I'm trying to test Centrify Express for Mobile in our environment and are struggling with our firewall guys to allow this server direct outbound access on 80/443.
I have attempted to get this going through our corporate proxy server using the "Microsoft Firewall Client" but unfortunately we are still running ISA 2004 and I eventually get the following error: "12156 The HTTP request includes a non-supported header".
We do have other new, non-Microsoft proxy servers, but there doesn't appear to be a way to tell the Cloud Proxy Server to use this.
Now for a few questions please:
1.Are there any plans for the Cloud Proxy Server to be proxy compatible? (a config option to tell the service to use a proxy).
2.Does anyone know if this would work via TMG using the TMG client? And would this be supported?
3.Any other suggestions are welcome :-)
I feel this should be allow direct outbound access but I don't make these calls - a workaround is usually easier for us than dealing with our firewall team.
Solved! Go to Solution.
03-29-2012 10:44 PM
Outbound TCP on 80 and 443 ports should be sufficient even with a webproxy on your network. But in your case since that is not being granted I can think of a few things we can try
1. If a web proxy is going to be present in the path we surely need to have something that support HTTP 1.1 traffic
2. If you can convince your Firewall team we can give you the destination address and ports that need to be opened up from the Centrify Cloud Proxy server
Regarding configuring the Centrify Proxy server to use a different Proxy in your network I will have to get back to you. I will also check on the TMG client and how it can be used. Surely something we havent tested yet.
If you think you will be able to validate 1 and 2, please reach out to me at firstname.lastname@example.org and we will need to work offline and gather other information if you are still running into issues
03-29-2012 11:16 PM
thanks very much for the quick response.
- ISA 2004 does support HTTP 1.1 but being such an old product, something else is missing and it’s obviously just not up to the task – I will chase up our proxy team to see if they are looking at moving to TMG.
- If you could supply the destination addresses, I should be able to convince our firewall team to allow outbound access (at least for our trial to begin with).
Thanks again for the prompt response.
04-02-2012 10:23 PM
thanks for the information you emailed. I have tried various proxy options but didn't have much success in my environment due to our firewall rules.
Our firewall team have opened the required ports (for an eval) and everything is working fine now.
09-25-2012 12:31 PM
We have made a significant change with the 1.0.2-245 release ( current release ). There is now
improved connectivity between the Centrify Proxy Server and the Centrify Cloud Services in environments with web proxy servers utilizing HTTP 1.0. With this update there will be no need to open any outbound ports to connect to the Centrify Cloud Service except for TCP Outbound on ports 443 and 80.
If you had to open ports ( 935x outbound TCP ) earlier to get the communication working, this is not needed.