Introduction
The gateway console https://<IP_address>:5480
is used for administrative configurations.
The gateway appliance runs Squid Proxy service by default. The proxy in gateway appliance helps bypass the the agent traffic via the gateway. All the agents behind the gateway connect to OpsRamp cloud via the gateway instead of a direct connection. Squid proxy service runs on port 3128.
Gateway proxy services allows you to run with or without restrictions. Using restrictions, you can avoid unauthenticated access. Modify the configuration at gateway console to allow access only to authenticated users, IPs, or URLs using the Squid proxy server at gateway.
Note
By default, Squid Proxy displays Stop state.Enabling and disabling proxy service
You can enable or disable proxy service either from the web interface or Serial UI.
OpsRamp console
To enable or disable proxy from the OpsRamp console:
- Log into the OpsRamp console at
https://<ipaddress>:5480
. - Click Proxy Configuration.
- Click Stop to disable or Start to enable the Squid proxy service.
Command line interface
To enable or disable proxy,
- Log into OpsRamp Serial UI by using the SSH connection to the gateway IP.
- Use Arrow keys to navigate to Squid Proxy and hit Enter.
- Use Arrow keys to Enable or Disable the service and Save.
Important
Disabling proxy services on the gateway impacts agents that are connecting by proxy.Running proxy services without restrictions
You cam start the proxy service without any restrictions. As a result, any agent can communicate via proxy without authentication or without any restriction.
To run proxy without restrictions:
- Log into gateway web user interface: https://
:<5480>. - From the left pane, click Proxy Configuration.
- Verify that the options of Without Credentials and No Restriction are selected for the following sections: Credentials, Inbound Restrictions, and URL or IP Restriction.
- Click Save to start the service without restrictions.
Running proxy services with restrictions
You can start the proxy service with restrictions. As a result, any agent connecting via proxy through the gateway is allowed only for the authenticated users, IPs, or URLs.
To run proxy with restrictions:
- Log into gateway web user interface:
https://<ipaddress>:<5480>
. - From the left pane, click Proxy Configuration. The fields of Credentials, Inbound Restrictions, and URL or IP Restriction appear.
- For Credentials, perform the following steps:
- Select the option With Credentials. Select Without Credentials if you do not want to add credential restriction.
- Provide user name and password for Credentials and click Create to add a user who can have access.
When credentials are provided, then the agent can communicate via proxy only with the user visible in the Allowed User list.
Note: You can add only one user.
- For Inbound Restrictions, provide the following:
- Select Allow Specific IPs. Select No Restriction if you want to allow all IPs.
- Enter detail in Provide range of IP addresses and click + to add.
The added IPs appear as Allowed IPs Range and are authenticated to access from the proxy server. For example, entering192.168.0.1/24
allows 254 IPs from192.168.0.1
to192.168.0.254
.
Specify only one IP if you do not want to allow the whole subnet.
- For URL/IP Restriction, provide the following:
- Select Allow Specific URL/IP. Select No Restriction to allow all URL/IP addresses if you do not want to restrict.
- Enter detail for Provide URL/IP to allow access via proxy and click + to add.
The added URL/IP appears as Allowed URL/IP. For example, if you specify api.vistanet.jp, then only that URL is allowed to access via proxy. Other URL/IP addresses are not allowed.
- Click Save to apply the restrictions.