Set an Access Gateway proxy server

This procedure describes how to set a proxy for Access Gateway.

Worker nodes retrieve information from the admin node over HTTPS. The following traffic is routed through the proxy:

  • Communication to the Identity Provider.
  • Communication with the YUM repositories.

Setting or unsetting a proxy requires a system restart. Ensure that sufficient restart downtime is accounted for.

Access Gateway doesn't support SSL decryption.

Before you begin

Nodes, workers, and admin nodes must be set up in the following ways before you can set a proxy for Access Gateway:

  • All nodes must be in the proxy bypass when you sync nodes.
  • The worker node requires that the admin node is in the proxy bypass.
  • The admin node requires that the worker nodes are in the proxy bypass.

Set the proxy for Access Gateway

  1. Sign in to the Access Gateway Management console.

    Use either ssh oag-mgmt@admin, or with virtual environments (for example, Oracle VirtualBox), use the command window provided by the environment.

    Username: oag-mgmt Password: <default-password>

    The first time you sign in to Access Gateway Management console you must change the default password. See Initial sign in to Access Gateway Management console.

  2. Enter 1 - Network.
  3. Enter 5 - Proxy settings. See Proxy settings for a complete list of all proxy-related commands.
  4. Choose either 1 - Set proxy or 2 - Unset proxy. Enter Ctrl + c at any time to abort.

    To set a proxy:

    • Enter proxy host: <proxy host name> or <ip address of proxy>
    • Enter proxy port: <port where proxy is listening>
    • Enter hosts that need to bypass proxy: <comma separated list of hosts that bypass proxy>
    • Enter y to confirm or N to cancel.

    To unset a proxy:

    • Enter y to unset a proxy, or N to cancel.
  5. Enter x to return to the Proxy settings menu.
  6. Enter x to return to the Network menu.
  7. Enter x to return to the main menu.
  8. Enter 5 - System.
  9. Enter 5 - Reboot.
  10. Enter y to confirm reboot.

High availability clusters: Repeat the process on all cluster members.