I have a question: how to configure multiple egress policies in Foundry, particularly for scenarios where:
-
External IPs / hosts need to be reached (e.g. ping / connectivity checks), and
-
All outbound traffic must go via a proxy, and
-
We also need to define external host–specific egress policies.
Now, it appears we can’t apply proxy-based egress and external host egress policies at the same time.
Could someone please advise:
-
Whether multiple egress policies (proxy + external hosts or multiple external hosts) are supported concurrently
-
If there is a recommended pattern or limitation, we should be aware of
-
Any alternative approach to support ICMP / connectivity checks to external IPs when a proxy is mandatory
Hi @stephenlo and thanks for your question.
It is correct that a given source can not import both agent proxy policies and direct connection policies at the same time. You can however import multiple policies of the same type to a source.
Given your requirement that all outbound traffic must go via a proxy, the recommended setup is:
- use agent proxy policies - one per address you need to hit - to route all traffic through your agent.
- For destinations that need to reach external hosts via a corporate proxy, configure an upstream HTTP proxy on the egress policy itself (under Advanced Settings when editing the policy). The agent will automatically route that traffic through the specified proxy — no agent-side configuration is needed.
You’ll need to ensure your agent has network connectivity to the upstream HTTP proxy, and that the proxy can reach the external hosts in question.
I hope this helps!
Barth