Proxy chaining configuration

This graphic shows the flow of a request when proxy chaining is configured in a network that’s enabled for authentication and dynamic malware analysis. For more information about proxy chaining, see Proxy chaining.

In this graphic:

  1. All DNS, HTTP, and HTTPS requests are forwarded from the user’s device to the on-premises proxy.
  2. As a result of a proxy chaining configuration, the on-premises proxy forwards requests to ETP Proxy. If enabled to do so, the on-premises proxy adds the X-Forwarded-For header to identify the client IP address on the corporate network.
  3. DNS requests are forwarded to the ETP DNS server. Information about the domain and the HTTP or HTTPS request is recorded in ETP. If you choose to trust the X-Forwarded-For header, ETP Proxy can identify the client IP address. The client IP address is included in the reported threat events.
  4. If authentication is required or optional in the associated policy, the user is prompted to authenticate based on the identity provider configuration. The request proceeds as long as authentication is successful. Authentication requires that you configure the X-Forwarded-For header.
  5. Based on the policy, an action is applied to traffic. If the traffic is allowed, the request is directed to the origin and the user is granted access. Otherwise, it’s blocked and an error page is shown to the user.
    Note: If the bypass action is configured, the request bypasses TLS man-in-the-middle (MITM) decryption and is sent directly to the origin IP address or the destination web server.
  6. If the request is allowed and you enabled payload analysis for large files, you can scan website content after it's downloaded by your browser. If your organization is licensed for Advanced Sandbox and you also enabled Dynamic Analysis, this content is directed to a secure sandbox environment.
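
Steps 2 and 3 depend on the receiving proxy trusting the X-Forwarded-For header set by the on-premises proxy. The following added example (not ETP's own code) sketches how a receiving proxy can honour that header only when the connection comes from a known chained proxy, so a value supplied by any other sender is ignored. The function name `resolve_client_ip` and the addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample value (assumption): egress address of the on-premises proxy.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.10/32")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def resolve_client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Return the client IP to record in a threat event.

    peer_ip    -- source address of the incoming connection
    xff_header -- raw X-Forwarded-For value, or None

    The header is honoured only when the peer is a trusted proxy. Entries are
    walked right to left, skipping trusted proxies; the first untrusted
    address is the client. A malformed entry stops the walk.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not xff_header or not _is_trusted(peer, trusted):
        return str(peer)  # header absent, or sender is not allowed to set it
    candidate = peer
    for token in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(token.strip())
        except ValueError:
            break  # unparsable entry: keep the last address we could verify
        candidate = hop
        if not _is_trusted(hop, trusted):
            break  # first hop outside our control is the client
    return str(candidate)


if __name__ == "__main__":
    # Constructed requests: (connection source, X-Forwarded-For value)
    samples = [
        ("198.51.100.10", "10.1.2.3"),           # normal chained request
        ("198.51.100.10", "192.0.2.77, 10.1.2.3"),  # client pre-filled the header
        ("203.0.113.5", "10.1.2.3"),             # header from an unknown sender
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", resolve_client_ip(peer, xff))
```

Only the entry appended by the trusted proxy is used, so a value the client placed in the header before the on-premises proxy added its own does not end up in reported events.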