Skip Navigation

Scenario 2: Route all traffic through the
BlackBerry Proxy
and then through a web proxy server

This configuration is appropriate for organizations that require all traffic from work apps to be routed internally. A web proxy server is required for internal servers to connect to the internet.
For example, connections to public sites like google.com and microsoft.com as well as internal
Microsoft Exchange Server
s and
SharePoint
servers must all be routed internally through the
BlackBerry Proxy
.
In this configuration, it is assumed that a web proxy server connection to the Internet is also required, because most organizations that require all traffic to be routed internally also require that traffic be routed through a web proxy server for filtering or monitoring.
BlackBerry Dynamics
connectivity profile
  1. Set the
    Default allowed domain route type
    to
    BlackBerry Proxy cluster
    .
  2. (Optional) Add internal domains to the
    Allowed domains
    list. This is not necessary when the
    Default allowed domain route type
    is set to route through the
    BlackBerry Proxy
    .
  3. (Optional) Add specific server names under
    Additional servers
    and select a
    BlackBerry Proxy
    cluster. This is not necessary when the
    Default allowed domain route type
    is set to route through the BlackBerry Proxy.
  4. (Optional) If you want specific servers to be exempt from the default routing through the
    BlackBerry Proxy
    , you can specify specific domains (either under
    Allowed domains
    or
    Additional servers
    ) and select
    Direct
    . This allows you to route most traffic through
    BlackBerry Proxy
    but exempt some traffic (for example, to improve performance to certain trusted public sites).
BlackBerry Proxy
server web proxy server
Depending on the complexity of your environment, you can configure the
BlackBerry Proxy
server to route traffic through a web proxy server rather than directly to the destination server.
You can either use a manual web proxy server configuration or a PAC file.
You can select both manual HTTP proxy and PAC. This may be necessary for scenarios where NOC traffic should use a different proxy server than app traffic. Avoid this level of complexity where possible.
Manual HTTP proxy:
Manual web proxy server configuration is sufficient if there are no complex rules governing which URLs should use a web proxy server and which should go direct. If all traffic should use a web proxy server, then configuring a manual web proxy server is the easiest way to accomplish this.
  1. Enable the manual HTTP proxy:
    In an on-premises environment
    1. Go to
      Settings > Infrastructure > BlackBerry Router and proxy
      .
    2. Expand
      Global Settings
      , and select
      Enable manual HTTP proxy
      .
    In a Cloud environment
    1. Go to
      Settings > BlackBerry Dynamics > Clusters
      .
    2. Click on the cluster you want to edit.
    3. Enable
      Override Global Settings
      , and select
      Enable manual HTTP proxy
      .
  2. Select
    Use proxy to connect to all servers
    .
  3. Type the address and port for the web proxy server.
Proxy auto-configuration (PAC) file:
If your organization requires more complex rules about which servers should use a proxy and which should connect directly, BlackBerry recommends using a PAC file because it is much easier to manage.
For example, if you want all connections to the public internet to use the web proxy server, but all internal domains to connect directly, the best practice is to use a PAC file.
PAC file configuration is not part of the
BlackBerry
product and should be completed by the appropriate network or proxy team in your organization.
  1. Open the proxy settings:
    In an on-premises environment
    Go to
    Settings > Infrastructure > BlackBerry Router and proxy
    .
    In a Cloud environment
    Go to
    General Settings > BlackBerry Router and proxy
    .
  2. Expand
    Global Settings
    , select
    Enable PAC
    .
  3. Enter the PAC URL and authentication information as required.
App-specific web proxy server
No app-specific proxy configurations are necessary. This configuration assumes that all traffic is routed internally and either a manual proxy or PAC is configured at the
BlackBerry Proxy
server.