VEN-specific Proxy Configuration
In the 22.5-VEN release, you can choose to explicitly configure the Windows proxy for the VEN.
Caution
Enforce an allow rule for proxy connectivity
If your environment includes a proxy server, make sure your Illumio policy includes an allow rule for the proxy's IP:port before applying a new policy in Selective or Full Enforcement mode. Otherwise, if the VEN discovers that no allow rule is in place allowing the proxy connection, it reports a policy sync error and tries continually to sync policy. In that circumstance, the VEN and the PCE will not be able to communicate.
VEN-specific Proxy Configuration
Important
This preview feature is available for VENs deployed on servers or virtual machines and Endpoint VENs (VENs deployed on endpoints, such as laptops.)
Prior to this release, you didn't need to configure a proxy on Windows operating systems; instead, proxy configuration was discovered by the VEN by using the WPAD protocol or the Internet Explorer browser PAC file.
About the VEN-specific Proxy
In this release, the VEN CTL (including pairing script) supports the set-proxy
, reset-proxy
, and show-proxy
commands to configure a proxy on Windows.
When configured with these commands, the setting takes precedence over netsh
and discovery using the Internet Explorer PAC file as shown here:
Direct > VEN specific proxy (NEW) > WinHttp Proxy > IE setting for localSystem account
For more information about how the Windows VEN supports a proxy server, see VEN Proxy Support in this guide.
Explicitly Configure a Windows Proxy
Use the following commands to explicitly configure a Windows proxy.
Installation:
C:\Temp> .\illumio-ven-22.2.32-xxxx-preview.win.x64.exe /installVEN_PROXY_SERVER=<proxy_server:port>
Activation:
C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 activate -management-server <pce_server:port> -activation-code <code> -proxy-server<proxy_server:port>
Restart:
You must restart the VEN after setting (or changing) its proxy configuration.
C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 restart
Proxy Configuration Management:
The set-proxy
command sets the proxy server for the VEN to use.
C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 set-proxy<proxy_server:port>
The show-proxy
command shows the current proxy configuration.
C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 show-proxy
The reset-proxy
command removes the current proxy configuration.
C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 reset-proxy