Setting up a proxy connection

If your enterprise uses a proxy to access the Internet, your BigFix environment can use that communication path to gather content from sites.

In this case, you must configure the connection to the proxy on the BigFix server.

During a fresh installation, you are asked if you want to configure the communication through a proxy. The configuration settings that you enter are saved and used at run time to gather content from sites. For information about configuring a proxy connection at installation time, see Installing the Windows primary server for Windows systems, or Installing the Server for Linux systems.

To specify or modify the configuration for communicating with a proxy after installation, follow the instructions provided in Setting a proxy connection on the server.
Important: If this configuration step is needed and you skip it, your environment will not work properly. A symptom of this misbehavior is that the site contents are not displayed on the console.
Note: You can also keep your system physical disconnected from the Internet by using an air-gapped implementation. For more information about this implementation, see Downloading files in air-gapped environments.

In addition to the gather process, the BigFix server or a relay can use the proxy connection to do component-to-component communication or to download files from the Internet.

The following list shows the most common proxy configurations that apply to a BigFix environment:
A relay connected to the Internet through a proxy to download files

The image shows a configuration where a proxy is used to allow a relay to download files over the internet
To set this configuration on the relay:
  1. Run the steps that are described in Setting up a proxy connection on a relay to configure on the relay the communication to the proxy.
  2. From the BigFix console set on the relay the following additional values to ensure that data is downloaded exclusively from the internet rather than from the parent relay:
    _BESGather_Download_CheckParentFlag = 0
_BESGather_Download_CheckInternetFlag = 1
    For more information about these configuration settings, see Gathering content.
Note: To prevent communication from the relay to the server from going through the proxy, ensure that the proxy exception list is set on the relay as follows: "127.0.0.1, localhost, <serverIP_addess>, yourdomain.com".
A client connected through a proxy to communicate with its parent relay

The image shows a configuration where a proxy is used to allow a relay to communicate with a client
To set this configuration, on the client run the steps that are described in Setting up a proxy connection on a client and in Enabling client polling.
A relay connected through a proxy to communicate with a parent relay

The image shows a configuration where a proxy is used to allow two relays to communicate
Complete these steps to implement this configuration: