Multi Proxy Configuration

The Cloud Agent has support for multiple proxy servers defined in the Proxy URL. Cloud Agent uses the first proxy server in the list for its connection, if it fails to connect, the agent uses the next configured proxy server in the list until all proxy servers are tried. You can have up to five proxy servers included in the proxy URL.

Each time the Cloud Agent connects to the Qualys Platform, it always uses the first proxy server in the ordered list. You can use the Configuration Tool to set the proxy order to be sequential or random. The agent does not maintain a history of the last proxy server used. 

This proxy configuration can be used with the Qualys Gateway Service or third-party proxy servers. The failover proxy servers do not need to be on the same subnet as the first proxy server; as long as the Cloud Agent can connect to other proxy servers, even on other subnets, the agent will use that proxy server (s) if the first proxy server is not available.

Multiple proxies can be configured with qualys_https_proxy or https_proxy environment variables. It is recommended that you provide multiple proxies in the qualys_https_proxy environment variable.

The following example shows how to set multiple proxies:

qualys_https_proxy=”https://[<username>:<password>@]<host1>:<port>;
https://[<username>:<password>@]<host2>:<port>; 
https://[<username>:<password>@]<host3>:<port>”

The list of proxies must be given in double quotes (“...”) and separated by a semi-colon (;), and if a semicolon (;) is embedded in the username/password, you must URL-encode it. You can use the Proxy Configuration Encryption Utility to encrypt the username and password that you provide to the proxy environment variable.

You can combine multiple proxy certificates into a single file and place it at the same location as earlier /etc/qualys/cloud-agent/cert/ca-bundle.crt. Ensure that all certificates are valid, 
else you might get SSL/certificate errors.