The OpsRamp Gateway includes a built‑in proxy service that enables agent communication to be routed through the gateway. Agents deployed behind the gateway connect to the OpsRamp Cloud using the gateway proxy, instead of establishing direct outbound connections to the cloud.

The gateway proxy service listens on port 3128 and uses Squid as the proxy server.

Administrative configuration of the gateway, including proxy settings, is performed using the gateway console: https://<ipaddress>:5480.

By default, the gateway proxy service is in a stopped state.

Access Control Options

The gateway proxy service allows you to control how agents access the OpsRamp Cloud through the gateway. The service can be configured to run:

  • Without restrictions – Allows agents to communicate through the gateway proxy without authentication or access controls.
  • With restrictions – Restricts access based on user credentials, source IP address ranges, or allowed destination URLs or IP addresses.

Using restricted access helps prevent unauthorized usage and ensures that only approved agents and endpoints can communicate through the gateway.

Enable and disable proxy service

You can enable or disable the gateway proxy service using either the gateway web user interface or the serial (command-line) interface.

Enable/disable proxy from the Gateway Web UI

  1. Log into the Gateway web UI at https://<ipaddress>:5480.

  2. Click Proxy Configuration.

  3. Click Stop to disable the proxy. Click Start to enable the Squid proxy service.

Enable/disable proxy from the command line

  1. Log in to the gateway CLI via SSH using your username and password.
  2. After logging into the gateway VM, launch the Administration  Console using the following commands:
    • For non‑root login : sudo su admin
    • For root login: su admin
  3. Use Arrow keys to navigate to Squid Proxy and hit Enter
  4. Use Arrow keys to Enable or Disable the service and Save


Disabling proxy services on the gateway impacts agents that are connecting using proxy.

Run proxy services without restrictions

You can start the proxy service without any restrictions. As a result, any agent can communicate using proxy without authentication or without any restriction.

  1. Log into gateway web user interface: https://:<5480>.
  2. In the left pane, click Proxy Configuration.
  3. Verify that the options of Without Credentials and No Restriction are selected for the following sections: Credentials, Inbound Restrictions, and URL or IP Restriction.
  4. Click Save to start the service without restrictions.

Run proxy services with restrictions

You can start the proxy service with restrictions. As a result, any agent connecting using proxy through the gateway is allowed only for the authenticated users, IPs, or URLs.

  1. Log into the gateway web user interface at https://<ipaddress>:5480.
  2. In the left pane, click Proxy Configuration. The Credentials, Inbound Restrictions, and URL or IP Restriction sections appear.
  3. Configure Credentials:
    • Select With Credentials to enforce credential-based authentication, or Without Credentials to disable this restriction.
    • If With Credentials is selected, enter the username and password, then click Create to add an authorized user.
    • When credentials are enforced, only users in the Allowed User list can communicate through the proxy.
    • You can configure a maximum of one user.
  4. Configure Inbound Restrictions:
    • Select Allow Specific IPs to restrict access to specified IP addresses, or No Restriction to allow all IP addresses.
    • Enter the IP address range in Provide range of IP addresses and click + to add it.
    • Allowed IP ranges appear in the Allowed IPs Range section and are authenticated to access the proxy server.
    • For example, entering 192.168.0.1/24 authorizes 254 addresses from 192.168.0.1 to 192.168.0.254.
    • To restrict access to a single IP address, omit the subnet mask.
  5. Configure URL/IP Restriction:
    • Select Allow Specific URL/IP to restrict access to specified URLs or IP addresses, or No Restriction to allow all destinations.
    • Enter the URL or IP address in Provide URL/IP and click + to add it.
    • Allowed URLs and IP addresses appear in the Allowed URL/IP section.
    • For example, specifying api.opsramp.com permits access only to that URL; all other destinations are denied.
  6. Click Save to apply the configured restrictions.

If you want to use the default gateway proxy configuration, click Reset.

Tabbed Interface with Table