Skip To Content

Configure your portal to use a forward proxy server

A forward proxy server is a computer on your LAN that allows you to connect outside the network without compromising the security of your internal network. Use of a forward proxy server is very common in perimeter networks (also known as demilitarized zones [DMZ] or screened subnets) to protect the identity of internal machines. If your organization uses a forward proxy server to connect externally, you can configure your ArcGIS Enterprise portal to use your forward proxy server.

  1. Open a web browser and sign in to the ArcGIS Portal Directory as an Administrator of your organization. The URL is formatted as https://portal.domain.com:7443/arcgis/portaladmin.
  2. Click System > Properties > Update Properties.
  3. In the Update System Properties dialog box, insert the following JSON code, substituting your forward proxy server information:
    {
        "httpProxyHost": "forwardproxy.domain.com",
        "httpsProxyHost": "forwardproxy.domain.com",
        "httpProxyPort": 80,
        "httpsProxyPort": 443,
        "nonProxyHosts": "portal.domain.com"
    }

    If your forward proxy requires authentication, the username and password need to be included in the JSON string:

    {
        "httpProxyHost": "forwardproxy.domain.com",
        "httpsProxyHost": "forwardproxy.domain.com",
        "httpProxyPort": 80,
        "httpsProxyPort": 443,
        "httpProxyUser": "username",
        "httpsProxyUser": "username",
        "httpProxyPassword": "password",
        "httpsProxyPassword": "password",
        "nonProxyHosts": "portal.domain.com"
    }
    • If your forward proxy server is configured to exclusively use HTTPS, remove all http properties from the JSON.

    • The nonProxyHosts property should always contain the machine name where your portal is installed. If you want to federate ArcGIS Server with your portal, you should also include the name of the machine where ArcGIS Server is installed. Machine and domain items are separated using a pipe (|), for example:

      "nonProxyHosts": "portal.domain.com|server.domain.com|*.domain.com"

  4. Click Update Properties.

Portal for ArcGIS is now configured to use your forward proxy server.

A forward proxy server can either tunnel encrypted traffic, or decrypt and then re-encrypt traffic. If Portal for ArcGIS does not appear to be working correctly with the forward proxy, it's likely the proxy server is decrypting and re-encrypting traffic. A proxy server that decrypts traffic will use a root certifying authority to present certificates. Your ArcGIS Enterprise portal will not trust the root certifying authority by default, so you must import the certificate into the portal. See Configuring the portal to trust certificates from your certifying authority for details.