Windows Proxy Agent

For Windows users, you can provide Internet access via an explicitly set proxy to programs that do not support working through a proxy. Sometimes there is also a need to provide Internet access to such programs when NGFW is not set as the default Internet gateway for user computers. In these cases, you can use a proxy agent that forwards all TCP requests not destined for local addresses to NGFW, which functions as a proxy for them.

Note The proxy agent does not authorize the user with NGFW. Therefore, if authorization is necessary, you will need to configure one of the user authorization methods, for example, install the Windows authorization agent.

The proxy agent can be installed manually or using Active Directory policies.

Note The proxy agent is compatible with all Windows versions except Windows XP.

If you are not using policies for your installation, create a text file named utmagent.cfg in the %ALLUSERSPROFILE%\Entensys\UTMAgent\ directory to configure the agent. In the configuration file, specify these settings:

ServerName=10.255.1.1

ServerHttpPort=8090

LocalNetwork=192.168.1.0/24; 192.168.0.0/24; 192.168.30.0/24;

where ServerName and ServerHttpPort are the IP address and port of the proxy server in NGFW (the default port is 8090).

Note LocalNetwork is the list of networks that do not need to be forwarded to the proxy. (The machine's interface network is excluded from being forwarded to the proxy by default).

If a program installed on the computer sends a request to an address located in the same subnet as the computer's interface, that request will not be intercepted by the proxy agent and not forwarded to the proxy address. In a similar fashion, if any program installed on the computer sends a request to an address from the subnet specified in the LocalNetwork parameter, that request will not be forwarded to the proxy by the agent.

The proxy agent service listens to the local 8080 port.

After creating or modifying the configuration file, make sure to restart the proxy agent service.

For installation via GPO, the authorization agent is supplied with an administrative template for distribution via Active Directory policies. The administrator can use this template to deploy a correctly configured agent to a large number of user computers. For more details on deploying software using Active Directory policies, see the Microsoft documentation.

All settings required for the proxy agent to work correctly are made during Group Policy configuration. During the installation, the settings are written to the registry of the user computer and have priority over the .cfg file. When the agent is uninstalled using Group Policy, the registry values are not removed and remain in this registry node:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Entensys\UTMAgent