Server-side explicit proxy support

Standalone Sentry supports sending traffic through an HTTP proxy server to access corporate resources. The proxy server is located behind the firewall and sits between the Sentry and corporate resources. This deployment allows you to access corporate resources without having to open the ports that Sentry would otherwise require.

Consider the following:

•This configuration is only supported for AppTunnel traffic.

•Proxy is configured for each AppTunnel service. You may configure proxy for some AppTunnel services and not for other AppTunnel services on the same Sentry.

•Only one proxy server per Standalone Sentry is supported.

•The same proxy server may be configured on multiple Sentrys.

Standalone Sentry filters HTTP traffic through a TCP tunnel that uses server-side explicit proxy. For HTTP traffic through a TCP tunnel, if server-side explicit proxy is configured, Standalone Sentry will treat the explicit proxy as HTTP proxy. The HTTP request URL will be modified to include the target host.

In all other cases, Standalone Sentry treats the explicit proxy server as a TCP proxy server. Sentry will send a HTTP CONNECT request to the explicit proxy, followed by TCP data.

You configure outbound server-side explicit proxy in the Admin Portal in Services > Sentry. Add or Edit an existing Standalone Sentry. Enter the required information for Server-side Proxy in the App Tunneling Configuration section. For detailed information, see “Adding an entry for Standalone Sentry on MobileIron Core”.