Support of an on-premises HTTP forward proxy
In the case where the on-premises proxy performs TLS verification and decryption, you must configure your organization’s proxy to accept traffic from ETP Proxy, which also performs TLS decryption and resigns the traffic with its own certificates. This is done by configuring the on-premise proxy to trust the same man-in-the-middle (MITM) TLS certificates as computers in your organization. For instructions on how to add additional trusted root certificate to the existing proxy server, see the documentation of your on-premise proxy solution.
Most on-premise proxies allow you to send the X-Forwarded-For (XFF) header to the downstream proxy. ETP captures this HTTP header for threat events. You can view the internal IP address of the client computer in the Request Headers information that’s reported on the Event Details window of the HTTP or HTTPS threat event. This data is available on the Details subtab of the Event Details window.
The security connector uses an internal IP address in the internal network. When instructed, the user’s browser contacts Security Connector directly. As a result, requests bypass the local proxy.