A typical configuration example of transparent proxy mode is shown as follows:
Transparent Proxy Example
In this example, the remote client’s address is
172.16.0.99, and it is attempting to connect to
the server at
80. The front-facing firewall is configured to route
10.0.0.99 through the Enterprise Gateway at address
192.168.0.9. The server is
configured to use the Enterprise Gateway at address
10.0.0.1 as its default IP router.
The Enterprise Gateway is multi-homed, and sits on both the
networks. It is configured with a listening interface at address
with transparent proxy mode switched on, as shown in the following Configure HTTP Interface
The Enterprise Gateway accepts the incoming call from the client, and processes it locally. However, there is no
communication with the server yet. The Enterprise Gateway can process the call to completion and respond to the
client—it is masquerading as the server.
If the Enterprise Gateway invokes a connection filter when processing this call (with transparent proxying enabled),
the connection filter consults the originating address of the client, and binds the local address of the new
outbound connection to that address before connecting. The server then sees the incoming call on the Enterprise Gateway
originating from the client (
172.16.0.99), rather than either of the Enterprise Gateway's IP addresses.
The following dialog shows the example configuration for the Connect to URL filter:
The result is a transparent proxy, where the client sees itself as connecting directly to the server,
and the server sees an incoming call directly from the client. The Enterprise Gateway processes two separate
TCP connections, one to the client, one to the server, with both masquerading as the other on each
Note: Either side of the transparent proxy is optional. By configuring the appropriate
settings for the incoming interface or the connection filter, you can masquerade only to the server, or only
to the client.