Illumio Core 23.5 Install, Configure, Upgrade

VEN-specific Proxy Configuration

In the 22.5-VEN release, you can choose to explicitly configure the Windows proxy for the VEN.

Caution

Enforce an allow rule for proxy connectivity

If your environment includes a proxy server, make sure your Illumio policy includes an allow rule for the proxy's IP:port before applying a new policy in Selective or Full Enforcement mode. Otherwise, if the VEN finds that no allow rule permits the proxy connection, it reports a policy sync error and keeps retrying the policy sync. In that circumstance, the VEN and the PCE will not be able to communicate.

VEN-specific Proxy Configuration

Important

This preview feature is available for VENs deployed on servers or virtual machines and for Endpoint VENs (VENs deployed on endpoints, such as laptops).

Prior to this release, you didn't need to configure a proxy on Windows operating systems; instead, proxy configuration was discovered by the VEN by using the WPAD protocol or the Internet Explorer browser PAC file.

About the VEN-specific Proxy

In this release, the VEN CTL (including pairing script) supports the set-proxy, reset-proxy, and show-proxy commands to configure a proxy on Windows.

When configured with these commands, the setting takes precedence over netsh and discovery using the Internet Explorer PAC file as shown here:

Direct > VEN specific proxy (NEW) > WinHttp Proxy > IE setting for localSystem account

For more information about how the Windows VEN supports a proxy server, see VEN Proxy Support in this guide.

Explicitly Configure a Windows Proxy

Use the following commands to explicitly configure a Windows proxy.

Installation:

C:\Temp> .\illumio-ven-22.2.32-xxxx-preview.win.x64.exe /install VEN_PROXY_SERVER=<proxy_server:port>

Activation:

C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 activate -management-server <pce_server:port> -activation-code <code> -proxy-server <proxy_server:port>

Restart:

You must restart the VEN after setting (or changing) its proxy configuration.

C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 restart

Proxy Configuration Management:

The set-proxy command sets the proxy server for the VEN to use.

C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 set-proxy <proxy_server:port>

The show-proxy command shows the current proxy configuration.

C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 show-proxy

The reset-proxy command removes the current proxy configuration.

C:\Program Files\Illumio> .\illumio-ven-ctl.ps1 reset-proxy
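
The set, restart, and verify steps above can be wrapped in a pre-flight check, shown here as an added example that is not Illumio's own tooling. It assumes the install path used on this page and a hostname or IPv4 proxy address; the script name and its parameter names are hypothetical, and any proxy value you pass is your own.

```powershell
# Set-VenProxy.ps1 (hypothetical name): added example, not part of the Illumio product.
# Run from an elevated PowerShell session on the workload.
param(
    # Proxy in <proxy_server:port> form, for example proxy.example.internal:3128 (constructed value)
    [Parameter(Mandatory)][string]$ProxyServer,
    # Assumption: the VEN directory shown in the commands on this page
    [string]$VenDir = 'C:\Program Files\Illumio'
)

$ErrorActionPreference = 'Stop'

# 1. Validate the <proxy_server:port> form before handing it to the VEN.
#    Assumption: hostname or IPv4 only; IPv6 literals are not handled here.
if ($ProxyServer -notmatch '^(?<server>[A-Za-z0-9.-]+):(?<port>\d{1,5})$') {
    throw "Expected <proxy_server:port>, got '$ProxyServer'"
}
$proxyName = $Matches['server']
$proxyPort = [int]$Matches['port']
if ($proxyPort -lt 1 -or $proxyPort -gt 65535) {
    throw "Port out of range: $proxyPort"
}

# 2. Confirm the proxy answers on that port from this host. A failure here can mean
#    the proxy is down or that the allow rule from the Caution above is missing.
$probe = Test-NetConnection -ComputerName $proxyName -Port $proxyPort -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "Cannot reach ${proxyName}:${proxyPort}; check the proxy and the allow rule for its IP:port."
}

# 3. Show the WinHTTP (netsh) proxy for the record. The VEN-specific proxy set below
#    takes precedence over it, so a mismatch between the two is worth noting.
Write-Host '--- WinHTTP proxy (lower precedence than the VEN-specific proxy) ---'
netsh winhttp show proxy

# 4. Set the VEN-specific proxy, restart the VEN as the page requires, then display
#    what the VEN reports so the operator can confirm the value took effect.
$ctl = Join-Path $VenDir 'illumio-ven-ctl.ps1'
if (-not (Test-Path $ctl)) {
    throw "VEN control script not found at $ctl"
}
& $ctl set-proxy $ProxyServer
& $ctl restart
Write-Host '--- VEN-specific proxy after restart ---'
& $ctl show-proxy
```

The script prints the show-proxy output rather than parsing it, because this page does not document that output's format.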