Some companies use a proxy server for all internet connections. This article outlines the expected behavior of Mimecast for Outlook when connecting to Mimecast via a proxy service, and includes some common deployment scenarios.
It is important to review the Mimecast for Outlook: Prerequisites before deploying Mimecast for Outlook.
When deploying Mimecast for Outlook into an environment where access to the Internet is provided via a proxy server, Administrators should consider the following:
- By default, Windows Proxy settings are assigned on a per-user basis.
- All Mimecast for Outlook network communication is performed by the Mimecast Services for Windows service. This service runs as the Local System account (NT AUTHORITY\SYSTEM), not as the logged-in user.
- By default, the Mimecast Services for Windows service routes to the internet based on the Windows Proxy settings. For example, if no proxy settings are configured, communication will be directed to the workstation's default gateway (primary route to the internet).
- Mimecast for Outlook communicates over an encrypted HTTPS connection, meaning that a standard Proxy server will not be able to perform any packet inspection.
Below are typical proxy implementations.
Internet Access via a Firewall
Internet access is provided via a standard firewall (or upstream proxy) where no Windows Settings are required.
In this scenario, Mimecast for Outlook takes the direct route to the internet (to connect to Mimecast Services), and assuming there is no web filtering on the firewall or upstream Proxy level, there should be no connectivity issues.
Internet Access via Corporate Proxy Server (No Authentication)
Internet access is provided by a corporate proxy server with no direct access available (Proxy Authentication is not required).
In this scenario, it is likely that proxy settings will be assigned on a per-user basis via Group Policy. This policy will have no influence on Mimecast for Outlook communication, as the Mimecast Services for Windows service runs as the Local System account (NT AUTHORITY\SYSTEM), not as the logged-in user.
By default, Mimecast for Outlook will try to take the direct route to the internet (to connect to Mimecast Services). This communication will consequently fail, and Mimecast for Outlook will not function as there is no route available to Mimecast.
Customers with this network configuration should consider one of the following:
- Change their Group Policy to apply proxy settings on a per-machine basis.
- Create a custom installer using the Configuration Tool to explicitly specify the proxy settings required for their network.
- Alternatively, users can configure the proxy server details using the Account Options menu.
This scenario causes complexity for the following groups of users:
- Laptop users who do not always require a proxy connection (e.g. when not in the office). To get around this issue, users will need to edit the proxy settings in the Account Options box to disable the proxy server and revert to using the default system settings.
- Mobile users, if the customer decides to assign per-machine proxy settings. Users will not be able to use Mimecast for Outlook when there is no connectivity to the corporate proxy.
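To confirm which situation a workstation is in, the following added example (not Mimecast code or tooling) compares the Windows proxy settings of the logged-in user with those of the Local System account and checks whether the per-machine proxy policy is set. It assumes only the standard Windows Internet Settings registry values; the helper name Get-ProxyView is hypothetical, and the script does not query Mimecast for Outlook or any proxy set in its Account Options.

```powershell
# Added example (not Mimecast code). Read-only: compares the Windows proxy settings
# of the logged-in user with those of Local System (well-known SID S-1-5-18).
$sub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyView {   # hypothetical helper name
    param([string]$Label, [string]$Path)
    # A missing key or value yields $null, reported here as "not configured".
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Context       = $Label
        ProxyEnable   = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        HasProxy      = ([bool]$p.ProxyEnable -or [bool]$p.AutoConfigURL)
    }
}

$user    = Get-ProxyView 'Logged-in user (HKCU)'   "Registry::HKEY_CURRENT_USER\$sub"
$system  = Get-ProxyView 'Local System (S-1-5-18)' "Registry::HKEY_USERS\S-1-5-18\$sub"
$machine = Get-ProxyView 'Machine (HKLM)'          "Registry::HKEY_LOCAL_MACHINE\$sub"

# Group Policy "Make proxy settings per-machine (rather than per-user)" writes
# ProxySettingsPerUser = 0 under the HKLM policy key.
$policy = Get-ItemProperty -ErrorAction SilentlyContinue -Path `
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$perMachine = ($null -ne $policy) -and ($policy.ProxySettingsPerUser -eq 0)

$user, $system, $machine | Format-Table -AutoSize

if ($perMachine) {
    'Proxy settings are applied per machine (ProxySettingsPerUser = 0).'
} elseif ($user.HasProxy -and -not $system.HasProxy) {
    'Proxy is set for the user only; Local System has none. This matches the per-user scenario above.'
} elseif (-not $user.HasProxy -and -not $system.HasProxy) {
    'No Windows proxy is configured for either account; traffic follows the default route.'
} else {
    'Local System has its own proxy settings; compare them with the user values in the table.'
}
```

Run it in the session of the affected user so that the HKCU values reflect the Group Policy applied to that user.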
Internet Access via Corporate Proxy Server (Authentication is Required)
Internet access is provided by a corporate proxy server, with no direct access available (Proxy Authentication is required).
In this scenario, the behavior is the same as in the previous scenario (corporate proxy server with no authentication).
As Mimecast for Outlook is an application that utilizes a Cloud service, the preferred / recommended environment for Mimecast for Outlook to operate is where there is a direct route from the client workstation to the Internet, or at least to Mimecast Services.
This will ensure that connectivity is established, and Mimecast for Outlook functions as expected.