Forward Proxy
UDMG supports Forward Proxy configuration for outbound, client-initiated file transfer connections to remote SFTP and FTP(S) servers. This allows UDMG to route outbound traffic through approved enterprise egress points to meet corporate security policies.
Forward Proxy is configured at the Domain level through the UDMG Admin UI. Supported Endpoints can then enable Use Forward Proxy individually, allowing each one to either use or bypass the Domain proxy configuration.
Before You Begin
Supported Proxy Mechanisms and Endpoints
UDMG supports the following forward proxy mechanisms:
- SOCKS5
- HTTP CONNECT tunneling (via an HTTP or HTTPS proxy)
You can use the Forward Proxy only for outbound connections initiated by these Endpoint types:
Forward Proxy support is limited to SOCKS5 and HTTP CONNECT.
HTTP CONNECT tunneling requires that the proxy server supports the CONNECT method. Not all HTTP proxy servers may support the CONNECT method and some might only allow HTTPS traffic.
If your HTTP proxy requires authentication, only the Basic authentication scheme is supported. Confirm the proxy type and authentication requirements with your network administrator.
Know Your Proxy Server
Before configuring a Forward Proxy in UDMG, gather the following details:
- Proxy Type: SOCKS5, HTTP, or HTTPS.
- Proxy Host Address: Hostname or IP address of the proxy server.
- Proxy Port: Listening port of the proxy server.
- Proxy Credentials (if required): Username and password for proxy authentication.
Prepare Optional Proxy Credentials
If your proxy requires authentication, create the corresponding Username and Password Credential in UDMG, following these steps.
You will reference this Credential from the Forward Proxy configuration.
Configuring Forward Proxy
Forward Proxy is configured at the Domain level. To configure it, follow these steps:
- From the Sidebar, click General > Settings.
- Click the Forward Proxy card.
- Click Edit.
- Complete the fields using the Field Descriptions table as a guide.
- Click Save.
Field Descriptions
| Name | Description | Specifications | Required |
|---|---|---|---|
| Name | The name of the Forward Proxy. | Must follow the Standard Naming Pattern. | Yes |
| Description | The description of the Forward Proxy. | No | |
| Proxy Type | The forward proxy mechanism used for outbound connections. Options:
|
| Yes |
| Proxy Host Address | Hostname or IP address of the proxy server. | Do not include a port in this field. Configure the port separately in Proxy Port. | Yes |
| Proxy Port | Network port on which the proxy server is listening. | Must be an integer between 1 and 65535. | Yes |
| Credentials (Username and Password) | Optional Credential used to authenticate with the proxy server. | Must reference an already created Username and Password. | No |
Using Forward Proxy in Outbound Endpoints
Forward Proxy usage is enabled per endpoint. The toggle is available only on:
To enable or disable Forward Proxy for an endpoint:
- Go to the relevant endpoint page.
- Click Edit.
- Toggle Use Forward Proxy:
- Enabled: the endpoint will attempt to use the Domain's Forward Proxy configuration.
- Disabled (default): the endpoint will connect directly (no proxy).
- Click Save.
If no Domain Forward Proxy is configured, or if it is disabled, enabling Use Forward Proxy on an endpoint has no effect (the connection proceeds without a proxy).
Enabling and Disabling Forward Proxy
The Domain Forward Proxy configuration can be Enabled or Disabled to control whether proxying is active for the Domain.
- Enabled: Eligible endpoints with Use Forward Proxy enabled will route outbound connections through the proxy.
- Disabled (default): No endpoints use the proxy, even if Use Forward Proxy is enabled on the endpoint.
This provides a single control point to temporarily bypass proxy usage during maintenance or incident response.
Role Requirements
Forward Proxy configuration impacts outbound connectivity across the Domain and is restricted accordingly:
- Editing the Domain Forward Proxy requires Domain Admin or System Admin permissions.
- Enabling or disabling Use Forward Proxy on an endpoint requires endpoint edit permissions, including:
- Domain Admin
- System Admin
- Pipeline Management
Logging and Troubleshooting
When Forward Proxy is configured and enabled, UDMG logs proxy-related connection failures to help distinguish between:
- Proxy DNS/hostname resolution failures
- Proxy connectivity issues (connection refused, timeouts)
- Proxy authentication failures
- HTTP CONNECT negotiation failures
- Target host handshake failures occurring after the proxy tunnel is established