Forum Discussion

Thomas_Schocka1's avatar
Thomas_Schocka1
Icon for Altocumulus rankAltocumulus
Dec 11, 2012

Network Access - SSLVPN - client system proxy settings

Hi all,

 

 

I was wondering if someone could tell me whether the Network Access module (with the BigIP Edge Client) has support for changing the client's proxy settings.

 

The setup is as follows:

 

- standard Access Policy with logon page > radius auth > resource assign (network access)

 

If the client cannot find its proxy server (defined by a PAC file that is indicated by a URL preset in the browser), it will not open the logon page when he clicks connect in the bigip edge client as this page is loaded from the virtual server's IP. So if the edge client could be configured to override the proxy settings, it will be able to load this page.

 

The problem arises from the fact that the computers normally never leave the internal network and thus can always find the proxy file. If they leave the network and try to dialin, the not-finding-the-proxy-file will prevent them from opening any page whatsoever - including when the edge client wants to open the logon page - meaning they will never be able to connect to the VPN.

 

 

I know that for example Juniper SA can do this perfectly fine, and it seems like a basic feature to me, but I cannot find it anywhere. Is it missing or should I buy new glasses?

 

 

Kind regards,

 

 

Thomas

 

config
design

2 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Dec 12, 2012
    I would have thought this behavior should be controlled by browser settings rather than looking to overide the proxy with the Edge Client. If you're using IE you might want to take a look at this - perhaps you have proxy caching disabled: http://support.microsoft.com/kb/271361
  • Jörg_Lehrke's avatar
    Jörg_Lehrke
    Icon for Nimbostratus rankNimbostratus
    Jun 25, 2019

    Years passed and still the same issue 😥

    Our company laptops are maintained by the central IT and user can not change the local proxy settings. Within the company network you need to use the proxy to reach external sites. Road warriors using the Edge client on the other hand will never use a proxy to connect to the APM-Server. How can I configure the Edge client to ignore the local proxy settings for the VPN tunnel establishment? I expect at least an option to configure application specific proxy settings (like for e.g. Firefox). Any suggestions?

    A proxy exception fro the APM-Servers is only half the truth, if you think e.g. about CRLs. You can not configure proxy exceptions for revocation list delivery, as you might experience problems with all browsers within the company network.