Configure outbound connection proxy

Use these procedures to configure outbound connection proxying for Secure Relay:

Open the outbound proxy page

Before you can enable outbound proxying for Secure Relay, open the Configure outbound connection proxy page. There are two ways to open the page:

  1. Select System management > Manage embedded servers to open the Embedded servers page. Click Configure outbound connection proxy via Secure Relay.
  2. or
  3. Open a community summary page. Click DMZ settings in the navigation graphic at the top of the page. This opens the Configure DMZ settings page. Click Configure outbound connection proxy via Secure Relay.
Caution   If you open the Configure outbound connection proxy page without first adding a Secure Relay node, messages on the page prompt you to add a node.

Enable outbound proxy and exceptions

To enable the proxy and engage secure connections:

  1. Select Use outbound connection proxy.
  2. Click Save changes on the Configure outbound connection proxy page. Once enabled, all outbound connections go through the DMZ, provided one or more Secure Relay nodes are in place.
  3. Select Begin secure connection in the DMZ to have secure connections engaged at the router agent in the DMZ rather than by Interchange. This page applies to outbound messages sent to trading partners by all communities. It has no effect on inbound messages sent to the back end. Even if you enable an outbound connection proxy for Secure Relay, a community-specific HTTP proxy, if set up, takes precedence for outbound HTTP connections for that community. For more information, see HTTP outbound proxy.
Note   If outbound proxying is enabled, JMS cannot be used as a delivery exchange point for trading. However, JMS can be used for back-end application pickup or delivery.

Bypass the proxy

Optionally, you can specify whether to bypass the proxy and connect to a server directly. For example, if you do not want connections to your FTP server in the DMZ to use the outbound proxy, add it to the Add a proxy exception list. (Connections from application delivery exchange points automatically bypass the proxy even if no exceptions are defined.)


Exceptions work if given in the same form as the addresses in the delivery exchange points. For example, if the exchange point gives a host as, the exception should be or * In this case an IP address would not match since a host name was specified in the exchange point.

However, you can use IP addresses if some exchange points contain IP addresses. If some exchanges have IP addresses and some have host names, you can have exceptions for both.

FTP is a special case. Exceptions for FTP must have IP addresses, because responses to passive commands contain IP addresses and not symbolic host names. As delivery exchange points and exceptions must be in the same form, the FTP exchange points must use IP addresses, too.

To add an exception:

  1. Type a fully qualified domain name or IP address in the Host name or IP address field.
  2. Click Add.

You can delete exceptions, too.

In the case of outbound active FTP, review the guidelines on the outbound connection proxy page for entering the IP address or fully qualified domain name of the Secure Relay host.

Use this page only after you have completed Add a DMZ node. Inbound configuration tasks apply only to inbound connections and are not required to set up outbound connections. These are:

Related topics

Related Links