About third-party proxy chaining configuration
Configuring proxy chaining involves these actions:
• Configuring SAM to work with your third-party service.
• Configuring client-side SteelHead appliances or Client Accelerator endpoints for interoperability with the feature.
We strongly recommend using a controller appliance, such as SteelCentral Controller for SteelHead (SCC) or Client Accelerator Controller, if you need to configure several appliances or endpoint devices.
• Configuring appliances and endpoints to trust and send traffic to the third-party service.
You’ll also probably need to make a few changes to your configuration at the third-party service’s portal, such as whitelisting SaaS Accelerator egress IP addresses there.
About the XFF header
Configuration settings for the proxy chaining feature include an option to forward the internal IP address of the client in the XFF header. This is helpful for debugging, statistics, and generating location-dependent content.
The XFF header exposes privacy sensitive information. Including internal IP addresses in this header can be a security risk. Use this option with caution.
About SaaS Accelerator egress IP addresses
These IP addresses are used to connect the SaaS Accelerator service to the third-party service. To ensure uninterrupted service, consider whitelisting these IP addresses in your third-party service configuration. SaaS Accelerator egress IP addresses are listed in SAM under the Proxy Chaining tab of the Advanced Config page.