You can configure next-hop proxies to redirect access to websites using additional proxies and make them also available for cloud use.
When configuring IP addresses for next-hop proxies, internal and other protected addresses must not be used as cloud addresses. So, for example, do not use internal IP addresses for Skyhigh Security Web Security Gateway Service here.
Addresses that must not be used are also excluded by a check that the proxy functions on Web Gateway perform.
- Select Policy | Rule Sets.
- Import the Next-Hop Proxy rule set.
- On the rule sets tree, navigate to the position where you want to insert this rule set.
- From the Add drop-down list, select Rule Set from Library.
- From the Next-Hop Proxy group of rule sets select the Next-Hop Proxy rule set.
If conflicts arise when importing this rule set, they are displayed in the window. Methods for solving them are also suggested.
- Click OK.
The rule set is inserted in the rule sets tree. A view of the rule set is shown in the configuration pane. It is enabled by default.
Settings for the rule set are also implemented.
- In the configuration pane, click Enable in cloud to make this rule set available for cloud use.
- To configure settings for the rules in this rule set, click Edit under Next-Hop Proxy Settings.
The Edit Settings window opens with the settings for next-hop proxies displayed.
- Edit these settings as needed.
NOTE: For cloud use, only the round-robin mode is available to call proxies from the selected list of next-hop proxies.
- Click Save Changes.
Next-hop proxies can now be used to redirect access to websites for on-premise and cloud users.