Add rules for Sidewinder Proxy

Use one of the default Service elements for Sidewinder Proxy or a custom Service element in the Access rules to specify which traffic uses Sidewinder Proxies.

In some cases, connections might not use the Sidewinder Proxy.

  • If the policy contains rules that match traffic based on the payload, such as Applications or category-based web filtering, connections might not match rules that specify a Sidewinder Proxy.

    To avoid this limitation, do not add rules that match traffic based on the payload to the same policy where you use SSM Proxies.

  • If you use a rule with the Continue action to specify a Sidewinder Proxy as a default Protocol, rules later in the policy can override the defaults set in Continue rules.

    To avoid this limitation, do not add rules that specify a Protocol of the type Protocol Agent or Protocol Tag for the same matching criteria as the Continue rules for SSM Proxies.

Because many websites use a combination of HTTP and HTTPS, users might not be able to connect to these websites if you add only one rule that applies the Sidewinder HTTP Proxy to HTTPS traffic. We recommend that you add a separate rule that allows unencrypted HTTP traffic or allow HTTP traffic in the same rule that applies the Sidewinder HTTP Proxy to HTTPS traffic.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. To specify which traffic uses Sidewinder Proxies, add the following type of Access rules to the Firewall Policy:
    Table 1. Access rules for Sidewinder Proxy
      Source: The elements that represent hosts in the internal network, or ANY.
      Destination: The elements that represent external servers, or ANY.
      Service: One or more custom Service elements, or one or more default Service elements for Sidewinder Proxy.
      Action: Allow or Continue

  2. Save and install the policy to start using the new configuration.
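
The three conditions described above (payload-based rules in the same policy, Continue defaults overridden by later rules, and HTTPS proxied without HTTP allowed) can be checked over a rule list before the policy is installed. This is an added example, not Forcepoint code: the Rule model, the protocol labels, and the sample policies are constructed for illustration and are not an SMC export format.

```python
from dataclasses import dataclass

# Hypothetical rule model (assumption); field names are not SMC identifiers.
@dataclass(frozen=True)
class Rule:
    source: str
    destination: str
    services: frozenset          # e.g. frozenset({"HTTP", "HTTPS"})
    action: str                  # "Allow" or "Continue"
    protocol: str = ""           # "sidewinder_proxy", "protocol_agent", "protocol_tag"
    payload_match: bool = False  # Applications or category-based web filtering

def criteria(rule):
    # Simplification: "same matching criteria" means identical fields.
    return (rule.source, rule.destination, rule.services)

def lint(policy):
    """Return (rule_index, finding) pairs for the caveats listed on this page."""
    findings = []
    proxies = [i for i, r in enumerate(policy) if r.protocol == "sidewinder_proxy"]
    if not proxies:
        return findings
    # Payload-based rules share the policy with proxy rules.
    findings += [(i, "payload-match") for i, r in enumerate(policy) if r.payload_match]
    # A later Protocol Agent or Protocol Tag rule overrides a Continue default.
    for i in proxies:
        if policy[i].action != "Continue":
            continue
        for j in range(i + 1, len(policy)):
            later = policy[j]
            if (later.protocol in ("protocol_agent", "protocol_tag")
                    and criteria(later) == criteria(policy[i])):
                findings.append((j, "continue-overridden"))
    # HTTPS is proxied but no Allow rule covers unencrypted HTTP.
    http_allowed = any("HTTP" in r.services and r.action == "Allow" for r in policy)
    if not http_allowed:
        findings += [(i, "https-without-http") for i in proxies
                     if "HTTPS" in policy[i].services]
    return findings

HTTPS = frozenset({"HTTPS"})
SAMPLE_POLICY = [  # constructed policy that triggers all three findings
    Rule("internal-net", "ANY", HTTPS, "Continue", "sidewinder_proxy"),
    Rule("internal-net", "ANY", HTTPS, "Allow", "protocol_agent"),
    Rule("internal-net", "ANY", HTTPS, "Allow", payload_match=True),
]
FIXED_POLICY = [   # constructed policy: one rule proxies HTTPS and allows HTTP
    Rule("internal-net", "ANY", frozenset({"HTTP", "HTTPS"}), "Allow", "sidewinder_proxy"),
]

if __name__ == "__main__":
    for index, finding in lint(SAMPLE_POLICY):
        print(f"rule {index}: {finding}")
```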