Scenario 2: Route all traffic through the BlackBerry Proxy and then through a web proxy server
BlackBerry Proxy
and then through a web proxy serverThis configuration is appropriate for organizations that require all traffic from work apps to be routed internally. A web proxy server is required for internal servers to connect to the internet.
For example, connections to public sites like google.com and microsoft.com as well as internal
Microsoft Exchange
Server
s and SharePoint
servers must all be routed internally through the BlackBerry Proxy
.In this configuration, it is assumed that a web proxy server connection to the Internet is also required, because most organizations that require all traffic to be routed internally also require that traffic be routed through a web proxy server for filtering or monitoring.
BlackBerry
Dynamics
connectivity profile- Set theDefault allowed domain route typetoBlackBerry Proxy cluster.
- (Optional) Add internal domains to theAllowed domainslist. This is not necessary when theDefault allowed domain route typeis set to route through theBlackBerry Proxy.
- (Optional) Add specific server names underAdditional serversand select aBlackBerry Proxycluster. This is not necessary when theDefault allowed domain route typeis set to route through the BlackBerry Proxy.
- (Optional) If you want specific servers to be exempt from the default routing through theBlackBerry Proxy, you can specify specific domains (either underAllowed domainsorAdditional servers) and selectDirect. This allows you to route most traffic throughBlackBerry Proxybut exempt some traffic (for example, to improve performance to certain trusted public sites).
BlackBerry Proxy
server web proxy serverDepending on the complexity of your environment, you can configure the
BlackBerry Proxy
server to route traffic through a web proxy server rather than directly to the destination server.You can either use a manual web proxy server configuration or a PAC file.
You can select both manual HTTP proxy and PAC. This may be necessary for scenarios where NOC traffic should use a different proxy server than app traffic. Avoid this level of complexity where possible.
Manual HTTP proxy:
Manual web proxy server configuration is sufficient if there are no complex rules governing which URLs should use a web proxy server and which should go direct. If all traffic should use a web proxy server, then configuring a manual web proxy server is the easiest way to accomplish this.
- Enable the manual HTTP proxy:In an on-premises environment
- Go toSettings > Infrastructure > BlackBerry Router and proxy.
- ExpandGlobal Settings, and selectEnable manual HTTP proxy.
In a Cloud environment- Go toSettings > BlackBerry Dynamics > Clusters.
- Click on the cluster you want to edit.
- EnableOverride Global Settings, and selectEnable manual HTTP proxy.
- SelectUse proxy to connect to all servers.
- Type the address and port for the web proxy server.
Proxy auto-configuration (PAC) file:
If your organization requires more complex rules about which servers should use a proxy and which should connect directly, BlackBerry recommends using a PAC file because it is much easier to manage.For example, if you want all connections to the public internet to use the web proxy server, but all internal domains to connect directly, the best practice is to use a PAC file.
PAC file configuration is not part of the
BlackBerry
product and should be completed by the appropriate network or proxy team in your organization.- Open the proxy settings:In an on-premises environmentGo toSettings > Infrastructure > BlackBerry Router and proxy.In a Cloud environmentGo toGeneral Settings > BlackBerry Router and proxy.
- ExpandGlobal Settings, selectEnable PAC.
- Enter the PAC URL and authentication information as required.
App-specific web proxy server
No app-specific proxy configurations are necessary. This configuration assumes that all traffic is routed internally and either a manual proxy or PAC is configured at the
BlackBerry Proxy
server.