Set up Client Proxy

You need to first set up the Client Proxy software on the Web Gateway Setup page.

This includes the configuration of tenant credentials, primary proxy server, proxy selection method (how Client Proxy software selects the active proxy server from the list) and create a Client Proxy policy with the default values. Make sure to download the policy and deploy it to the endpoints. Once you successfully deploy Client Proxy on the endpoints, the administrators can customize the Client Proxy policy on the SCP Configuration page in the UI.

1. On the Skyhigh CASB navigation bar, click the settings icon.
2. From the drop-down list, select Infrastructure | Web Gateway Setup.
3. Click Get Started.
4. In Enter Tenant Authentication Credentials, click Configure.
   1. In the New Shared Secret field, enter the new shared secret. The shared secret is the password that secures communication between Client Proxy and Skyhigh Security WGCS.
   2. In the Confirm New Shared Secret field, confirm the new shared secret.
   3. Click Save.
5. In Define Gateway Server Address, click Configure.
   1. From the Add Gateway drop-down list, enter gateway hostname or IP address of the gateway, and listening port. Best practice is to configure two gateways, using fully qualified domain names (FQDN) for the host names and specifying port 8080 for one gateway and 80 to the other gateway.
   2. Click the + icon to configure another proxy server.
   3. (Optional), From the Import CSV drop-down list, you can import the gateway details from the .csv file.
   4. (Optional), From the Export CSV drop-down list, you can download the configured gateway list to the .csv file.
   5. Click Save.
6. In Gateway Selection Method, click Configure.
   • First Available — Select this to connect to the first accessible proxy server from the list that you configure. This option is useful when you prefer to select a specific server.
     • Automatic Switch Over — Select this to automatically switch to the next available proxy server when the first accessible proxy server is down. For example, if you have two proxy servers in the list and when the first server is down and second server is reachable, Client Proxy automatically selects the second proxy server as the active proxy server to redirect the endpoint traffic. In addition, when you select this option, Client Proxy checks for the availability of the first configured proxy server periodically based on the interval set in the Polling Interval field. When the first configured proxy becomes available, Client Proxy elects the first configured server as the active server to redirect the traffic. If this option is not selected, Client Proxy does not check for the active server periodically. This option is available only when you select First Available.
     • In Polling Interval (10 to 3600 seconds), specify the interval the Client Proxy software checks for the active gateway in the configured gateway list.
   • Fastest Response Time — Select this to connect to the proxy server that has the fastest response time in the list that you configure.
   • Click Save.
7. In Name and Publish Policy, click Configure.
   1. Provide a name for the policy.
   2. Click Save Policy.
8. Click the yellow badge to publish the saved changes.
9. Click Download to download the Client Proxy policy file saved to an .opg file. Once Client Proxy software is installed on endpoints, the Client Proxy needs its first policy configuration to communicate to Skyhigh Security WGCS. Rename the .opg file to SCPPolicy.opg and copy it to this location on the client computers.
   • Windows-based computers — C:\ProgramData\Skyhigh\SCP\Policy\Temp
   • macOS computers — /usr/local/McAfee/Scp/policy
     
     The Client Proxy establishes trust and redirect traffic to Skyhigh Security WGCS using tenant Information and shared secret.