You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/manage-apps/application-proxy-configure-connectors-with-proxy-servers.md
+20-1Lines changed: 20 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.service: active-directory
9
9
ms.subservice: app-mgmt
10
10
ms.workload: identity
11
11
ms.topic: conceptual
12
-
ms.date: 05/21/2019
12
+
ms.date: 04/07/2020
13
13
ms.author: mimart
14
14
ms.reviewer: japere
15
15
ms.collection: M365-identity-device-management
@@ -23,6 +23,7 @@ We start by looking at these main deployment scenarios:
23
23
24
24
* Configure connectors to bypass your on-premises outbound proxies.
25
25
* Configure connectors to use an outbound proxy to access Azure AD Application Proxy.
26
+
* Configure using a proxy between the connector and backend application.
26
27
27
28
For more information about how connectors work, see [Understand Azure AD Application Proxy connectors](application-proxy-connectors.md).
28
29
@@ -134,6 +135,24 @@ The connector makes outbound TLS-based connections by using the CONNECT method.
134
135
135
136
Do not use TLS inspection for the connector traffic, because it causes problems for the connector traffic. The connector uses a certificate to authenticate to the Application Proxy service, and that certificate can be lost during TLS inspection.
136
137
138
+
## Configure using a proxy between the connector and backend application
139
+
Using a forward proxy for the communication towards the backend application might be a special requirement in some environments.
140
+
To enable this, please follow the next steps:
141
+
142
+
### Step 1: Add the required registry value to the server
143
+
1. To enable using the default proxy add the following registry value (DWORD)
144
+
`UseDefaultProxyForBackendRequests = 1` to the Connector configuration registry key located in "HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft AAD App Proxy Connector".
145
+
146
+
### Step 2: Configure the proxy server manually using netsh command
147
+
1. Enable the group policy Make proxy settings per-machine. This is found in: Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer. This needs to be set rather than having this policy set to per-user.
148
+
2. Run `gpupdate /force` on the server or reboot the server to ensure it uses the updated group policy settings.
149
+
3. Launch an elevated command prompt with admin rights and enter `control inetcpl.cpl`.
150
+
4. Configure the required proxy settings.
151
+
152
+
These settings make the connector use the same forward proxy for the communication to Azure and to the backend application. If the connector to Azure communication requires no forward proxy or a different forward proxy, you can set this up with modifying the file ApplicationProxyConnectorService.exe.config as described in the sections Bypass outbound proxies or Use the outbound proxy server.
153
+
154
+
The connector updater service will use the machine proxy as well. This behavior can be changed by modifying the file ApplicationProxyConnectorUpdaterService.exe.config.
155
+
137
156
## Troubleshoot connector proxy problems and service connectivity issues
138
157
139
158
Now you should see all traffic flowing through the proxy. If you have problems, the following troubleshooting information should help.
0 commit comments