Resilio Connect Proxy was introduced in version 2.12. It is an optional component, allows to relay data traffic between Agents which cannot connect directly. Also, Agents may use Proxy to connect to the Management Console to receive job orders/report status.
Using Resilio Proxy requires an administrator to install it somewhere where Proxy can get incoming connections over TCP and UDP-based ZGT from all agents that plan to transfer data via proxy or connect to the Management Console over proxy.
What proxy can and cannot do
- Proxy only accepts the incoming connection and does not attempt to connect anywhere on its own
- Proxy accepts incoming connections from Management Console, too. Once connected, MC may reconfigure the proxy
- Proxy can relay the control connection to Management Console, too. Therefore Agents may receive job configuration and report status over proxy, too.
- Proxy accepts incoming TCP-based as well as UDP-based ZGT connections from Agents
- Proxying data is slower than direct connections and peers will lose some of the performance compared to direct connections
- Proxy uses standard TLS encryption and does not decrypt traffic that comes through it and therefore can be installed in the public environment
- Proxy does not store any data on local disk, proxy only passes the data over
- Agents can use multiple Proxies to load balance
- High availability of Proxies is not supported
- Several proxies cannot be installed on the same computer. A proxy cannot be installed on the same computer together with the Management Console and/or Agent.
- Proxy can listen on standard HTTPS port to mimic SSL / TLS connection(s) for agents using it
Typical use cases
Work from home use case
The Agents in home LAN have no ability to open NAT ports for incoming connections. And usually, home routers are very tolerant to any outgoing connections. Therefore installing a Proxy in a public network allows 2 home users to connect via proxy without any additional home router configurations.
Enterprise LAN with DMZ
The Management Console as well as the servers that have access to data stay in highly-secure enterprise LAN, though data consumers stay outside in branch offices or home offices. Placing Proxy in DMZ allows external agents to talk to the Management Console and talk to internal agents that may provide necessary access to the data.
Providing access to your data to 3rd party users or collecting data from 3rd party users
Sometimes it's necessary to collaborate with another company or contractors lending them some agent(s). If 3rd party is reluctant to open their firewall so the agent can get incoming connection - Resilio Proxy could be a good solution.