Setting up a Rocket to be an out-of-line Proxy

What is a Proxy-configured Rocket and what is it for?

A proxy Rocket is a Web Filter Rocket being used partially or dedicated solely to handling proxied traffic.

Network Placement

A proxy box does not need to be placed inline like a Traffic Bridge, it only requires the Management NIC is set up and connected to the core switch. All proxy traffic is handled over the management NIC.
Note: The diagram above is a sample network diagram. For more accurate instructions on the network placement of your Lightspeed Systems solution, please refer to the diagram sent to you when you purchased your hardware.

Initial Setup Prerequisites

Note: We recommend setting up an FQHN for each Rocket on your network. That way it is accessible externally as well as internally and will work with any off-network devices. If you do not setup an FQHN, your Rocket can be reached internally via IP.


Create a Fully Qualified Hostname

Creating a Fully Qualified Hostname (FQHN) is necessary for filtering deivces off network and allows you to manage your Rocket remotely. In order to get the FQHN setup you will need to create records both with your hosting provider and internally on your DNS server.

Set up FQHN with your Hosting Provider


You most likely already own a domain and will simply need to create an A record for the hostname dedicated to the Rocket. Contact your hosting provider (e.g., GoDaddy or your state ISP) to set up the hostname.
Example, if your school domain is southernacademy.org you could make your Rocket’s FQHN rocket.southernacademy.org.

Note: If you are manually setting up your FQHN, when setting up the A record, you should create one for the hostname with the WWW and one without WWW.

Set up FQHN on your internal DNS


Once the hostname is setup to resolve externally, you then must make changes to your internal DNS so, when internal, your devices resolve directly to the Rocket appliance.

Create an A record entry to translate the FQHN to the internal IP of the Rocket.
Example: rocket.southernacademy.org = 10.16.80.2.

Note: This will differ based on your DNS server and type. Here is an example of a document outlining managing Microsoft’s DNS.

External DNS

If you are utilizing a DNS server that is external to your network you must also add an entry to translate the FQHN to the external IP of the Lightspeed Systems Rocket.
Example: rocket.southernacademy.org = 209.16.17.2


Note: IP must be unique for every Rocket on your network.

Set up your management NIC

To configure your management NIC, you need to connect directly to the Rocket Appliance. You will need a suitable power connection and the following:

a USB keyboard plugged into your Rocket
a VGA monitor plugged into your Rocket
a standard RJ-45 network cable connecting your management port on your Rocket to your network

Note: You must log into the appliance console directly from the local machine. Remote logins via SSH are not supported.

Power on your Rocket

On the front of your Rocket appliance locate the power button and turn the appliance on. You know you are powered on when the lights display. It may take the Rocket several minutes to boot up and display the login screen.

Log into the Rocket

Log in using the default username and password.

Username: admin

Password: admin

Configure management interface

Select configure management interface and press [Enter]

To navigate the console menus, use the arrow keys on the keyboard to highlight an option, save <Select>, or discard <Exit> your choice.

Enter your network information

Enter the Internal IP Address, Gateway, and Netmask (Subnet Mask) that you have selected for the Lightspeed Rocket Appliance. Click the Tab button to select <Save>, then press [Enter] on your keyboard to save the Management NIC configuration.

Note: DHCP is not supported. You must assign static IP addresses to the Lightspeed Systems Rocket Appliance.

Your Rocket will now update based on your settings. Select [Exit] to log out.


Note: IP is unique.


Once you have successfully connected to Lightspeed Systems you will advance to the Getting Updates page. The Rocket will automatically check for and install updates. When the Next button turns blue you will be able to continue while the updates finish installing in the background. Click Next to proceed.


Join a Cluster

If you are setting up an additional Rocket you should have created a Cluster by now. If you have not, please Create a Cluster so you can join this Rocket to your Cluster.

1. Click Settings, then click Cluster. On the Cluster page, click Join Cluster. Once the Rocket has processed the request, the page will refresh. Enter the information from the Configuration Master Rocket that you created the Cluster from.

  • Under Rocket Information, type the IP Address of the Management Interface Rocket.
  • Paste the Cluster Key from the clipboard into the Cluster Key field.
  • Give the Rocket a name in the Name field.
  • Add a description in the Description field (any description will work.)

4. Check the appropriate Rocket Roles.

5. Click Save to finish selecting this Rocket to the Cluster.

Roles

All Proxy Rockets should be set up as a Web Filter.

Policy Server

In multi-Rocket environments you can choose one Rocket to act as your Policy Server. When you designate a Policy Server, you are choosing to have all the policy lookups performed by the Policy Server. This setup allows you to configure one box with all your policies and let those decisions propogate down to all of your other Rockets.

Note: If you have decided to utilize a Policy Server that is a different Rocket from the one you are setting up, please choose that box from the dropdown.  Your dropdown options will include any Rocket that is joined to the Cluster your current Rocket is part of.  If you do not choose a Policy Server the Rocket you are setting up will act as its own Policy Server.

Selecting a Policy Server

Navigate to Settings > Appliance: Features and scroll down to Policy Servers. Click the green + sign to add a new Policy Server. Select a Policy Server from the dropdown menu and click Submit. 

Done!

Congrats! You've set up your Rocket as an out-of-line Proxy. See Proxy Implementation for a customized guide through your configuration options.