- Table of Contents
-
- 04-Policies
- 01-Security policy
- 02-Security policy redundancy analysis
- 03-Security policy hit analysis
- 04-Security policy optimization
- 05-Policy-based NAT
- 06-Interface NAT
- 07-AFT
- 08-QoS
- 09-Bandwidth management
- 10-Application audit
- 11-Application proxy
- 12-IP reputation
- 13-Domain reputation
- 14-Blacklist
- 15-Connection limit
- 16-Server connection detection
- 17-Access rate limit
- 18-DLP
- 19-Server load balancing
- 20-Outbound link load balancing
- 21-Inbound link load balancing
- 22-Transparent DNS proxy
- 23-NetShare control
- 24-Zero trust policy
- 25-Trusted application proxies
- 26-Trusted API proxies
- 27-NAT66
- 28-uRPF
- 29-Load balancing common configuration
- Related Documents
-
Title | Size | Download |
---|---|---|
25-Trusted application proxies | 28.88 KB |
Trusted application proxies
This help contains the following topics:
· Configure a trusted application proxy
Introduction
Configure a trusted application proxy
1. Click the Policies tab.
2. In the navigation pane, select Zero Trust > Trusted App Proxies.
3. Click Create.
4. Configure the trusted application proxy parameters.
Table 1 Basic trusted application proxy configuration items
Item |
Description |
Name |
Enter the name of the trusted application proxy, which is a case-insensitive string. |
IPv4 address |
Enter the IPv4 address used to provide trusted application proxy services. |
Port number |
Enter the port number for the trusted application proxy. If the trusted application proxy uses an SSL policy, you must specify a non-default port number for it (a typical example is 443). |
Proxy function |
Enable or disable the trusted application proxy. |
Trusted access controller |
Specify a trusted access controller for the trusted application proxy. The device will direct traffic matching the trusted application proxy to the specified trusted access controller for authentication and authorization. Only the users passing the authentication and authorization are allowed to proceed with subsequent procedures. You can select an existing trusted access controller or create a new trusted access controller. |
SSL client policy |
Specify the SSL client policy used by the trusted application proxy to encrypt traffic exchanged between the device (SSL client) and the SSL server. You can select an existing SSL client policy or create a new SSL client policy. |
SSL server policy |
Specify the SSL server policy used by the trusted application proxy to encrypt traffic exchanged between the device (SSL server) and the SSL client. You can select an existing SSL server policy or create a new SSL server policy. |
Max connections |
Set the maximum number of connections allowed by the trusted application proxy. 0 means not limited. |
Max connections per second |
Set the maximum number of connections allowed by the trusted application proxy per second. 0 means not limited. |
Table 2 Advanced trusted application proxy configuration items
Item |
Description |
LB policy |
Specify an LB policy for the trusted application proxy. Based on the LB policy rules, the device performs load balancing for packets matching the trusted application proxy according to their content. You can select an existing LB policy or create a new LB policy. A HTTP-type trusted application proxy can use only an LB policy of the generic or HTTP type. |
Connection limit policy |
Specify a connection limit policy for the trusted application proxy. The number of connections to the trusted application proxy will be limited by the specified policy. You can select an existing connection limit policy or create a new connection limit policy. |
TCP parameter profile (client) |
Specify a TCP parameter profile for the trusted application proxy. The device uses the parameter profile settings to process matching traffic. The client-side TCP parameter profile applies only to TCP connections between the device and the client. You can select an existing TCP parameter profile or create a new TCP parameter profile. |
TCP parameter profile (server) |
Specify a TCP parameter profile for the trusted application proxy. The device uses the parameter profile settings to process matching traffic. The server-side TCP parameter profile applies only to TCP connections between the device and the server. You can select an existing TCP parameter profile or create a new TCP parameter profile. |
HTTP parameter profile |
Specify an HTTP parameter profile for the trusted application proxy. The device uses the parameter profile settings to process matching traffic. You can select an existing HTTP parameter profile or create a new HTTP parameter profile. |
HTTP protection policy |
Specify an HTTP protection policy for the trusted application proxy. The device uses the protection policy settings to protect traffic matching the trusted application proxy. You can select an existing HTTP protection policy or create a new HTTP protection policy. |
Content security function |
Enable or disable the content security function. |
Content security-WAF profile |
Specify a WAF profile for content security. The device performs web application protection for traffic matching the trusted application proxy. For more information about WAF profiles, see WAF help. |
Content security-IPS profile |
Specify an IPS profile for content security. The device performs intrusion prevention for traffic matching the trusted application proxy. For more information about IPS profiles, see IPS help. |
Content security-Anti-virus profile |
Specify an anti-virus profile for content security. The device performs anti-virus prevention for traffic matching the trusted application proxy. For more information about anti-virus profiles, see anti-virus help. |
5. Click OK.
The trusted application proxy will be displayed on the trusted application proxy page.