Skip to content

Configure Gateway-Based Control for Client Proxy Bypass Modification

Applies To: Accops Workspace Windows Client 7.2.0.1078 and above

Category: Network & Proxy Configuration

Feature Status: Stable

Overview

This guide explains how to configure gateway-based control for client proxy bypass modification in Accops Workspace Windows Client. This enhancement provides administrators with centralized control over whether the Workspace Client modifies system proxy bypass lists during user login, enabling compatibility with enterprise environments where proxy settings are centrally managed through Group Policy or configuration management tools.

In earlier releases, Workspace Client automatically modified system proxy settings during login, adding published HySecure applications to the proxy bypass list. This behavior was enabled by default and could not be controlled. The enhanced capability allows administrators to disable this automatic modification through gateway configuration, ensuring proxy settings remain under centralized IT control.

Prerequisites

  • Gateway Version: HySecure Gateway 5.4 SP6, HySecure Gateway 7.0, HySecure Gateway 7.1, or HySecure Gateway 7.2 series
  • Client Version: Accops Workspace Windows Client 7.2.0.1078 or higher
  • Administrative Access: Security Officer or Administrator access to HySecure Management Console
  • SSH Access: SSH access to HySecure Gateway server for global configuration (optional)
  • Proxy Knowledge: Understanding of enterprise proxy configuration and management strategies
  • Network Knowledge: Understanding of proxy bypass lists, PAC files, and proxy auto-configuration

Benefits

  • Centralized Proxy Management: Maintain consistent proxy configurations across enterprise environments without client-side modifications
  • Compatibility with Group Policy: Ensures compatibility with environments where proxy settings are managed via Active Directory Group Policy
  • Reduced Configuration Conflicts: Eliminates conflicts between client-modified proxy settings and enterprise proxy management policies
  • Administrative Flexibility: Granular control at global, user, or group level for different organizational requirements
  • Simplified Troubleshooting: Reduces proxy-related support issues in managed environments

Proxy Bypass Behavior

Default Behavior (Previous Releases)

Automatic Proxy Modification:

  • Workspace Client automatically detected system proxy configuration during user login
  • Published HySecure applications were automatically added to the proxy bypass list
  • Original proxy settings were stored and restored during client logout
  • No administrative control over this behavior

Use Case for Default Behavior:

  • Unmanaged workstations where users control their own proxy settings
  • Environments without centralized proxy management
  • Single-user devices with local proxy configuration

Enhanced Behavior (7.2.0.1078 and Above)

Configurable Proxy Modification:

  • Administrators can control whether Workspace Client modifies proxy bypass lists
  • Configuration available at global level (all users) or per client profile (specific users/groups)
  • Default behavior maintains backward compatibility with previous releases
  • Enhanced control through gateway configuration tag

Configuration Tag: DONTMODIFYSYSTEMPROXY

Tag Value Behavior Use Case
false (default) Workspace Client WILL modify proxy bypass list during login Unmanaged environments, backward compatibility
true Workspace Client will NOT modify proxy bypass list Centrally-managed proxy environments, Group Policy controlled settings

Platform Support

Client Mode Windows 10/11 Windows 8/8.1 HySecure 5.4 SP6 HySecure 7.0+ Support Level
Full Admin Client Yes Yes Yes Yes Full Support
On-Demand Client Yes Yes Yes Yes Full Support
HyBrid Mode No No No No Not Supported
HyLite Mode No No No No Not Supported

Procedure Part 1: Global Configuration (All Users and Groups)

Step 1: Access HySecure Gateway Server via SSH

  1. Establish SSH Connection

    • Connect to HySecure Gateway server using SSH client (PuTTY, Terminal, etc.)

    • Login with administrator credentials

    • Verify SSH access and administrative privileges

  2. Navigate to Configuration Directory

   cd /home/fes/public
  1. Backup Existing Configuration
   # Create backup of globalsettings.js
   cp globalsettings.js globalsettings.js.backup.$(date +%Y%m%d_%H%M%S)

   # Verify backup creation
   ls -lh globalsettings.js*

Step 2: Edit Global Settings Configuration File

  1. Open Configuration File
   # Using vi editor
   vi globalsettings.js

   # Or using nano editor
   nano globalsettings.js
  1. Add Configuration Tag
  2. Locate appropriate section in globalsettings.js file
  3. Add the following tag:
   DONTMODIFYSYSTEMPROXY=true
  1. Example Configuration
   WORKSPACE_PRIMARY_BUTTON_TEXT_DISABLE=#fafafa
   DONTMODIFYSYSTEMPROXY=true
   PORTALSTATUSCHECKTIMEINTERVAL=20
   TURBO_ROUTE_VIA_DEFAULT_GATEWAY=false
   VPN_TCP_KEEP_ALIVE_INTERVAL=

Step 3: Save and Validate Configuration

  1. Save Configuration File
   # For vi editor
   :wq

   # For nano editor
   Ctrl+X, then Y, then Enter
  1. Verify Configuration Syntax
   # Check file syntax and formatting
   cat globalsettings.js | grep DONTMODIFYSYSTEMPROXY

   # Expected output:
   # DONTMODIFYSYSTEMPROXY=true
  1. Set Proper File Permissions
   # Ensure proper ownership and permissions
   chown fes:fes globalsettings.js
   chmod 644 globalsettings.js

   # Verify permissions
   ls -l globalsettings.js

Step 4: Apply Configuration (No Restart Required)

Configuration Propagation:

  • Global settings are automatically propagated to clients on next login
  • No HySecure Gateway restart required
  • Existing user sessions continue with previous settings
  • New user sessions apply updated configuration

Validation:

  • Configuration takes effect for all new user logins after file modification
  • Existing logged-in users unaffected until next login
  • Changes apply globally to all users and groups

Procedure Part 2: Client Profile-Specific Configuration

Step 1: Access HySecure Management Console

  1. Login to Management Console
  2. Open web browser and navigate to HySecure Management Console URL
  3. Login with Security Officer or Administrator credentials

  4. Verify administrative access and permissions

  5. Navigate to Client Profiles

  6. Access Policies → Client Profiles from main navigation
  7. Review existing client profiles or prepare to create new profile
  8. Identify target users or groups for configuration

Step 2: Create or Modify Client Profile

  1. Create New Client Profile (if needed)
  2. Click Add Profile or Create New Client Profile
  3. Enter profile name (e.g., "Managed Proxy Environment")
  4. Enter profile description (e.g., "Prevent proxy modification for centrally-managed workstations")

  5. Configure other profile settings as required

  6. Modify Existing Client Profile (if applicable)

  7. Select existing client profile from list
  8. Click Edit or Modify to access profile settings
  9. Prepare to add customized options

Step 3: Configure Customized Options

  1. Access Customized Options Section
  2. Scroll to Customized Options field in client profile configuration

  3. Locate text input area for custom tags and parameters

  4. Add Proxy Control Tag

  5. Enter the following in Customized Options field:
   DONTMODIFYSYSTEMPROXY=true
  1. Configure Additional Settings (if needed)
  2. Add other customized options as required for your environment
  3. Maintain proper formatting and syntax for multiple tags
  4. Separate multiple tags appropriately

Step 4: Assign Client Profile to Users or Groups

  1. Configure Profile Assignment
  2. Navigate to Users or Groups section
  3. Select target users or groups for profile assignment

  4. Assign the configured client profile to selected users/groups

  5. Verify Profile Assignment

  6. Confirm profile is properly assigned to intended users
  7. Review profile inheritance and priority if multiple profiles configured

  8. Document profile assignments for administrative records

  9. Save Configuration

  10. Click Save or Apply to commit changes
  11. Verify configuration is saved successfully
  12. Configuration takes effect on next user login

Configuration Example

Example 1: Enterprise with Centralized Group Policy Proxy Management

Environment:

  • 5,000+ user enterprise with Active Directory infrastructure
  • Proxy settings managed centrally via Group Policy
  • Standardized proxy configuration across all workstations
  • Configuration management tools (SCCM, Intune) enforce settings

Configuration Approach:

  • Global Configuration: Set DONTMODIFYSYSTEMPROXY=true in globalsettings.js
  • Scope: All users and groups across entire organization
  • Benefit: Workspace Client respects centrally-managed proxy settings
  • Result: Zero proxy-related conflicts or support tickets

Implementation:

# Global configuration in /home/fes/public/globalsettings.js
DONTMODIFYSYSTEMPROXY=true

Business Outcome:

  • Eliminated proxy configuration conflicts between Workspace Client and Group Policy
  • Reduced IT support tickets related to proxy configuration issues
  • Maintained compliance with enterprise proxy management policies
  • Simplified troubleshooting for network-related issues