About third-party proxy chaining
Proxy chaining enables you to connect to third-party cloud services, such as cloud access security broker (CASB) services. CASB services can enhance data security over cloud applications by providing you with a level of control and visibility similar to on-premises solutions.
When you configure proxy chaining, you’ll need to supply information about how to connect to your third-party’s proxy service. To do this, you’ll need one of these pieces of information:
• URL to a proxy auto-configuration (PAC) file. Typically, the third-party service supplies PAC files, which are available at public URLs. PAC files define how web browsers and other user agents automatically choose the third-party service’s proxy servers when fetching web resources.
• IP address and port number to the third-party proxy service.
• Hostname and port number to the third-party proxy service.
If SSL/TLS interception is enabled on your third-party service, you’ll also need the service’s CA certificate. The certificate must be in PEM format. The certificate can originate from a third-party CA or the service’s own internal CA. Similar to the certificate mentioned in
About SSL/TLS optimization, the third-party certificate must be uploaded to SAM and all end-user client systems.
To ensure uninterrupted service, we recommend that you whitelist SaaS Accelerator egress IP addresses in your third-party service configuration. Depending on your third-party service, you might need to configure additional items on their side.
You can view the proxy chaining status of deployed applications in the SaaS Accelerator page. Status can be:
• Healthy—Indicates normal operation.
• Warning— Indicates a communication issue between SAM and the third-party service.
• Critical—Indicates a configuration issue.