The CloudGen Access Proxy should be deployed per network/VLAN. Proxies should be deployed as close as possible to resources that they serve to maximize security and performance.
Test Connectivity from the Device to the CloudGen Access Proxy
Get the CloudGen Access Proxy details from the CloudGen Access Enterprise Console.
Try to open an SSL connection to the proxy and confirm that the first lines reference Fyde Root Certificate Authority.
โ openssl s_client -showcerts -servername <proxy_host> -connect <proxy_host>:<proxy_port>
CONNECTED(00000006)
depth=3 CN = Fyde Root Certificate Authority
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=3 CN = Fyde Root Certificate Authority
verify return:1
depth=2 CN = Fyde Intermediary Certificate Authority
verify return:1
depth=1 CN = fyde://xxxx-xxxxxx-xxxx/
verify return:1
depth=0
verify return:1
...
If the request fails or the operation times out, that means you are not reaching the CloudGen Access Proxy.
Check the following:
Proxy Host DNS record, if using DNS, is being resolved to the correct IP.
Proxy Host IP, if using IP instead of DNS, is correct.
Proxy Host IP is accessible to you. This usually means it needs to be publicly accessible.
Proxy Port, defined in the console, is open in your network. Public networks usually allow only 80 and 433 outbound. Using other ports for the proxy might make it inaccessible for clients.
NAT configuration in the device/service that is exposing the CloudGen Access Proxy.
Firewall rules to allow inbound communication to the configured CloudGen Access Proxy.