6.9. Windows Proxy Agent

For Windows users, you can provide Internet access via an explicitly set proxy to programs that do not support working through a proxy. Sometimes there is also a need to provide Internet access to such programs when UserGate is not set as the default Internet gateway for user computers. In these cases, you can use a proxy agent that forwards all TCP requests not destined for local addresses to UserGate, which functions as a proxy for them.


The proxy agent does not authenticate the user with UserGate. Therefore, if authorization is necessary, you will need to configure one of the user authentication methods, for example, install the Windows authentication agent.

The proxy agent can be installed manually or using Active Directory policies.

If you are not using policies for your installation, create a text file named utmagent.cfg in the %ALLUSERSPROFILE%\Entensys\UTMAgent\directory to configure the agent. In the configuration file, specify these settings:




where ServerName and ServerHttpPort are the IP address and port of the proxy server in UserGate (the default port is 8090); and

LocalNetwork is the list of networks that do not need to be forwarded to the proxy. (The machine's interface network is excluded from being forwarded to the proxy by default).

If a program installed on the computer sends a request to an address located in the same subnet as the computer's interface, that request will not be intercepted by the proxy agent and not forwarded to the proxy address. In a similar fashion, if any program installed on the computer sends a request to an address from the subnet specified in the LocalNetwork parameter, that request will not be forwarded to the proxy by the agent.

The proxy agent service listens to the local 8080 port.

After creating or modifying the configuration file, make sure to restart the proxy agent service.

For installation via GPO, the authorization agent is supplied with an administrative template for distribution via Active Directory policies. The administrator can use this template to deploy a correctly configured agent to a large number of user computers. For more details on deploying software using Active Directory policies, see the Microsoft documentation.

All settings required for the proxy agent to work correctly are made during Group Policy configuration. During the installation, the settings are written to the registry of the user computer and have priority over the .cfg file. When the agent is uninstalled using Group Policy, the registry values are not removed and remain in this registry node:


Health checker of UserGate NGFW is performed in the Windows proxy agent. Health checking is implemented as executing HTTP request every 30 seconds. If request is failed, proxy agent makes 3 more attempts with an interval of 5 seconds and stops forwarding requests to UserGate. Next, the Windows proxy agent checks NGFW availability every 10 seconds and, if the request is successful, redirects the traffic to UserGate.