Other versions

Reference: Proxy server settings

The Tanium™ Server must be able to connect to the Internet to download content updates from Tanium and necessary files from other trusted suppliers. The Module Server must be able to connect to the Internet to download solution module software updates from Tanium, and the solution modules themselves might have requirements to access the Internet. For a list of sites the Tanium Server accesses, see Internet access (direct or by proxy).

Supported proxy server types

If your enterprise security policy does not allow Tanium platform servers to access these locations directly, check to see whether your organization uses proxy servers to access the Internet. If so, you can configure Tanium platform servers to access the Internet through proxy servers. Tanium supports two types of proxies:

  • Basic

    Basic proxies may or may not require authentication. A strictly IP-address-based proxy server allows a specified list of servers to traverse the proxy and access the network or Internet. If this is the case, be sure to add the IP address or hostname of the Tanium Server to the proxy server's access list.

    If the proxy server requires authentication, you can configure the account ID and password.

  • NTLM

    If the proxy server is set up to use NTLM, and you configure the Tanium Server service to run in the context of a service account that has sufficient privileges to traverse the proxy server, you do not have to configure account ID and password.

Configure proxy server settings

  1. Go to Configuration > Common > Proxy Settings.
  2. Use the Tanium Server Proxy Settings box to specify proxy settings for the Tanium Server connections.
  3. Proxy Server IP address of the proxy server.
    Proxy User ID Account username to establish the connection with the proxy server. Required if a Basic proxy is configured. NTLM proxies use the credentials of the user context that runs the Tanium Server service.
    Proxy Type
    • BASIC
    • NTLM
    Port Number Port number of the proxy server.
    Proxy Password The password is stored in clear text within the registry.
    Bypass Proxy Host List If you configure proxies, you might need to configure exceptions. When package files use a URI that is local to the Tanium Server to download content, these requests are sent to the proxy, causing these files to fail to download. Use this key to add proxy exceptions for these non-proxied hosts. For example, Localhost,192.168.1.1. In most cases, localhost and all Tanium Server names and IP addresses should be excepted. Specify literal values. Version 7.0.314.6242 and later support wildcards.
    Bypass CRL Check Host List Unless a server is specified in this list, the Tanium Server performs a CRL check and does not download files from a server that does not pass.
    Trusted Host List Unless a server is specified in this list, the Tanium Server does not download files from a server without a valid SSL certificate. Add the FQDN or IP address of any servers you want to trust. In an Active/Active cluster, specify the FQDN for both Tanium Servers. Version 7.0.314.6242 and later support wildcards.
  4. Optional. To populate these settings to the Module Server form on this page, select Mirror Changes to Module Server.
  5. Save your changes.
  6. Use the Module Server Proxy Settings box to specify proxy settings for the Module Server connections.
  7. Save your changes.
  8. Use the Validate Proxy Settings box to configure a test for your settings.
  9. Component Tanium Server or Module Server.
    File Source
    • From Tanium—Use predefined settings for a connection to content.tanium.com.
    • From Random Site—Use predefined settings for a connection to www.msftncsi.com.
    • Specify URL/Hash—Configure your own test settings.
    URL If you selected Specify URL/Hash, specify the URL.
    Hash If you selected Specify/URL/Hash, specify the hash.
    Download Time If you selected Specify URL/Hash, specify a maximum download time before returning a failure message.
  10. Click Start Download.

The Tanium Console returns a message indicating success or failure. If the test fails, check that the proxy server is up and is configured as expected; and that the Tanium settings you specified match those expected by the proxy server. The TDownloader logs have detailed event messages.

Note: In installations on Windows, the proxy settings are written to the Windows Registry. You can change settings in the registry directly. See Windows Registry. Be sure to edit only the Tanium Server entry, not the Tanium Module Server entry, in both host computer registries (both the Tanium Server host computer registry and the Tanium Module Server host computer registry).

Last updated: 2/20/2018 3:39 PM | Feedback