Skip to content

Role of proxy servers in Resilio Active Everywhere setup

Overview

Resilio Proxy is an optional component that allows relaying data traffic between Agents that cannot establish direct connections with each other. Agents may also use Proxy to connect to the Management Console to receive Job assignments and report their status.

Using Resilio Proxy requires an administrator to install it in a location where the Proxy can receive incoming connections over TCP and UDP-based ZGT from all Agents that plan to transfer data via Proxy or connect to the Management Console over Proxy.

What Proxy can and cannot do

  • Proxy only accepts incoming connections and does not attempt to connect anywhere on its own.
  • Proxy accepts incoming connections from the Management Console, too. Once connected, the Management Console may reconfigure the Proxy.
  • Proxy can relay the control connection to the Management Console, too. Therefore, Agents may receive job configuration and report status over Proxy, too.
  • Proxy accepts incoming TCP-based as well as UDP-based ZGT connections from Agents.
  • Proxy uses standard TLS encryption and does not decrypt traffic that passes through it, and therefore can be installed in a public environment.
  • Proxy does not store any data on a local disk - it only passes the data through.
  • Agents can use multiple Proxies to load balance.
  • High availability of Proxies is not supported.
  • Several Proxies cannot be installed on the same computer. A Proxy cannot be installed on the same computer as the Management Console and/or Agent.
  • Proxy can listen on the standard HTTPS port to mimic SSL/TLS connection(s) for Agents using it.

Typical use cases

Work from home use case

The Agents in a home LAN have no ability to open NAT ports for incoming connections. Home routers are generally very permissive with outgoing connections. Therefore, installing a Proxy in a public network allows two home users to connect via Proxy without any additional home router configuration.

Enterprise LAN with DMZ

The Management Console as well as the servers that have access to data stay in a highly secure enterprise LAN, while data consumers stay outside in branch offices or home offices. Placing a Proxy in the DMZ allows external Agents to communicate with the Management Console and internal Agents that provide the necessary access to the data.

Providing access to your data to third-party users or collecting data from third-party users

Sometimes it is necessary to collaborate with another company or contractors by lending them some Agent(s). If a third party is reluctant to open their firewall so the Agent can receive incoming connections, Resilio Proxy could be a good solution.