Working with proxy servers - TMG and ISA

Last Modified

Tue Dec 01 22:50 GMT 2020

Description

  • Agents and probes are capable of communicating through:
  • non-authenticating proxy servers,
  • clear-text authenticating proxy servers,
  • Internet Security and Acceleration (ISA) 2000/2004/2006 proxy servers, and,
  • Microsoft Forefront Threat Management Gateway (TMG) proxy servers.
  • If a proxy server resides on your customer’s network, you may need to configure the N-able N-central10.0 agent/probe software so that it can pass information through the proxy server and on to your N-able N-central10.0 server.

Environment

  • N-able N-central

Solution

To configure an agent/probe to use a proxy string, specify the proxy string during the creation of the agent/probe in the N-able N-central UI. The information below will outline the appropriate proxy string to enter based on the type of proxy server implemented in your customer’s network.

Non-authenticating Proxies

The proxy string must have the following format:

http://<server name>:<port number>

https://<server name>:<port number>

Example: https://192.168.0.10:8080
Clear-text Authenticating Proxies

The proxy string must have the following format:

http://<proxy user>:<proxy password>@<server name>:<port number>

https://<proxy user>:<proxy password>@<server name>:<port number>

Example: https://username:Password@192.168.0.10:8080
Microsoft ISA and Forefront TMG Proxies

The proxy string must have the following format:

https://<domain of the proxy>\<proxy user in domain>:<proxy password in domain>@<server name>:<port number>

Example: https://OFFICE\username:password@192.168.0.10:8080
Note: Basic HTTP authentication must be activated for this to work. For more information, refer to the Microsoft Knowledge Base document: How to Allow Third-Party Internet Application Connections through ISA Server 2000 (specifically, Method 2: Enable Basic Authentication for Outgoing Web Requests).
Warning! The procedures explained above and in the Microsoft KB document should be reviewed, approved and implemented by a Microsoft Certified Professional holding a Microsoft Certified Systems Engineer + Internet or equivalent designation or experience.

Confirm with your customer that the operations described above are considered permissible. Do not proceed without customer consent.

It is also possible to configure an ISA/TMG server to permit direct access that will allow the agents and probes to communicate with the N-able N-central server. For the steps required to make this configuration change, please refer to the following: