This article is relevant for users on version 9.0 and above.
This article will detail how to properly push proxy settings with the Google Admin Console.
Google provides a way to push proxy settings for either your users within your Google Apps organization or devices that you've registered within the organization. We recommend pushing settings to your users, as the proxy settings will be tied to their Chrome login.
Go to your Google Dashboard and navigate to Devices ---> Chrome management ---> User & browser settings. Scroll down to Network and in the Proxy Mode drop down, select the type of proxy you wish to use. Now you can type in the URL for the PAC file or the IP address of your proxy followed by a colon and the proxy port.
From Devices, click on Chrome management.
Under Chrome management, select User & browser settings.
From here, scroll down to Network and you will see a drop down labelled "Proxy Mode", where you can choose "Always use the proxy auto-config specified below". Alternatively, if you are not using the PAC file, you would select "Always use the proxy specified below". Once you've made your selection, you can type in the requisite information that matches the proxy method you have chosen. When using just proxy settings, do not forget to append the port as you will have problems passing traffic if it is not there.
Cipafilters are configured with 8080 or 6226 as the proxy port by default. You can check this on your Cipafilter by going to the left-hand menu and selecting Web Filtering, located under the Next-Generation Firewall header.
Click on the Advanced Configuration tab and look at the Proxy Port entry.
Notes: There are a couple of things to keep in mind.
- While we do recommend using the PAC file, you can use the external IP address of the filter for the proxy address.
- If the Cipafilter is not the edge device, you will need to make sure that there is a port forward in place on your current edge device to allow proxy traffic to reach the Cipafilter on the specified proxy port.
How To - Upload the SSL Certificate to the Google Admin Console
Notes: Regardless of which deployment method you choose, all browsers must have the certificate installed for SSL inspection to work properly. It is important to know that filtering will still occur even without the certificate deployed, but users ...
How To: Setup Remote (1-to-1) Filtering aka Seamless Filtering
In order to remotely filter your devices, we will need several things in place beforehand. The first of which is an A record (host record) setup in your internal DNS to point at the internal IP address of the Cipafilter. The second thing we'll need ...
Manual - Google OAuth
Google APIs support the use of the OAuth 2.0 protocol; among other things, this allows Cipafilter to securely interface with Google Apps domains for the purpose of authentication. Two distinct but related Google authentication methods are provided by ...
Chrome - SSL Certificate Installation
This network employs a technology called SSL filtering which allows your network's administrators to filter out harmful or inappropriate Web content such as viruses and pornography. In order for this technology to work effectively, the network's ...
Google Apps Domain Restriction
This KB is relevant to users on versions 9.0 and above. Issue This KB will demonstrate how to enable Google Apps Domain Restriction Many Google Web properties, including Gmail, support a custom header which restricts access to the sites to accounts ...