Proxy Forwarding (Without Traffic Classification)
All incoming NGFW HTTP traffic allowed by the NGFW filtering rules is redirected to the next (upstream) proxy in the chain. Any HTTP(S) or SOCKS5 proxy can serve as the upstream proxy. Optional login/password authentication is supported for the upstream proxy.
The traffic redirected to the upstream proxy is logged in the Web access log but with the proxy's IP as the destination IP address.
This scenario addresses use cases such as providing access to region-locked content, integrating new regional offices into an existing global corporate network hierarchy, and ensuring the privacy of the company's external communications.
Update via Proxy
License activation and software updates for UserGate nodes (NGFW, MC, LogAn) are done via an external proxy. Any HTTP(S) proxy can be used in this role. Optional login/password authentication is supported for the external proxy.
Licensing or software update events via an external proxy server are logged in the Event Log. In the description of each such update, the proxy tag is added with the address and port of the proxy server. Example: proxy: https://10.10.0.1:3128.
License activation and software updates via an external proxy are supported for NGFW, UGMC, LogAn, and SIEM.
One possible example of this scenario is when UserGate equipment (e.g., UGMC or LogAn) is located inside a closed-perimeter organization that has no direct Internet access for software updates.