Skip to main content

Forward Proxy

UDMG supports Forward Proxy configuration for outbound, client-initiated file transfer connections to remote SFTP and FTP(S) servers. This allows UDMG to route outbound traffic through approved enterprise egress points to meet corporate security policies.

Forward Proxy is configured at the Domain level through the UDMG Admin UI. Supported Endpoints can then enable Use Forward Proxy individually, allowing each one to either use or bypass the Domain proxy configuration.

Before You Begin

Supported Proxy Mechanisms and Endpoints

UDMG supports the following forward proxy mechanisms:

  • SOCKS5
  • HTTP CONNECT tunneling (via an HTTP or HTTPS proxy)

You can use the Forward Proxy only for outbound connections initiated by these Endpoint types:

info

Forward Proxy support is limited to SOCKS5 and HTTP CONNECT.

info

HTTP CONNECT tunneling requires that the proxy server supports the CONNECT method. Not all HTTP proxy servers may support the CONNECT method and some might only allow HTTPS traffic.

If your HTTP proxy requires authentication, only the Basic authentication scheme is supported. Confirm the proxy type and authentication requirements with your network administrator.

Know Your Proxy Server

Before configuring a Forward Proxy in UDMG, gather the following details:

  • Proxy Type: SOCKS5, HTTP, or HTTPS.
  • Proxy Host Address: Hostname or IP address of the proxy server.
  • Proxy Port: Listening port of the proxy server.
  • Proxy Credentials (if required): Username and password for proxy authentication.

Prepare Optional Proxy Credentials

If your proxy requires authentication, create the corresponding Username and Password Credential in UDMG, following these steps.

You will reference this Credential from the Forward Proxy configuration.

Configuring Forward Proxy

Forward Proxy is configured at the Domain level. To configure it, follow these steps:

  1. From the Sidebar, click General > Settings.
  2. Click the Forward Proxy card.
  3. Click Edit.
  4. Complete the fields using the Field Descriptions table as a guide.
  5. Click Save.

Field Descriptions

NameDescriptionSpecificationsRequired
NameThe name of the Forward Proxy.Must follow the Standard Naming Pattern.Yes
DescriptionThe description of the Forward Proxy.No
Proxy Type

The forward proxy mechanism used for outbound connections.

Options:

  • HTTP
  • HTTPS
  • SOCKS5
  • Use HTTP or HTTPS when your environment requires HTTP CONNECT tunneling.
  • Use SOCKS5 when your environment provides a SOCKS proxy.
Yes
Proxy Host AddressHostname or IP address of the proxy server.Do not include a port in this field. Configure the port separately in Proxy Port.Yes
Proxy PortNetwork port on which the proxy server is listening.Must be an integer between 1 and 65535.Yes
Credentials (Username and Password)Optional Credential used to authenticate with the proxy server.Must reference an already created Username and Password.No

Using Forward Proxy in Outbound Endpoints

Forward Proxy usage is enabled per endpoint. The toggle is available only on:

To enable or disable Forward Proxy for an endpoint:

  1. Go to the relevant endpoint page.
  2. Click Edit.
  3. Toggle Use Forward Proxy:
    • Enabled: the endpoint will attempt to use the Domain's Forward Proxy configuration.
    • Disabled (default): the endpoint will connect directly (no proxy).
  4. Click Save.
info

If no Domain Forward Proxy is configured, or if it is disabled, enabling Use Forward Proxy on an endpoint has no effect (the connection proceeds without a proxy).

Enabling and Disabling Forward Proxy

The Domain Forward Proxy configuration can be Enabled or Disabled to control whether proxying is active for the Domain.

  • Enabled: Eligible endpoints with Use Forward Proxy enabled will route outbound connections through the proxy.
  • Disabled (default): No endpoints use the proxy, even if Use Forward Proxy is enabled on the endpoint.

This provides a single control point to temporarily bypass proxy usage during maintenance or incident response.

Role Requirements

Forward Proxy configuration impacts outbound connectivity across the Domain and is restricted accordingly:

  • Editing the Domain Forward Proxy requires Domain Admin or System Admin permissions.
  • Enabling or disabling Use Forward Proxy on an endpoint requires endpoint edit permissions, including:
    • Domain Admin
    • System Admin
    • Pipeline Management

Logging and Troubleshooting

When Forward Proxy is configured and enabled, UDMG logs proxy-related connection failures to help distinguish between:

  • Proxy DNS/hostname resolution failures
  • Proxy connectivity issues (connection refused, timeouts)
  • Proxy authentication failures
  • HTTP CONNECT negotiation failures
  • Target host handshake failures occurring after the proxy tunnel is established