Home
Support
Product Support
Routers
Cisco SD-WAN
End-User Guides

Cisco Catalyst SD-WAN Control Components and Device Management Guide, Releases 26.x and Later

How should I set up time synchronization across my SD-WAN devices?
How do VPNs in SD-WAN Manager map to VRFs on Cisco IOS XE Catalyst SD-WAN devices?
Why does every device need a system IP address, site ID, and domain ID?

View all Saved Content

PDF

Is this content helpful?

Helpful Unhelpful

Suggestions for Improvement

Thank you for your feedback. Your response has been recorded.

Ask about this content

Cisco Catalyst SD-WAN Control Components and Device Management Guide, Releases 26.x and Later

How should I set up time synchronization across my SD-WAN devices?
How do VPNs in SD-WAN Manager map to VRFs on Cisco IOS XE Catalyst SD-WAN devices?
Why does every device need a system IP address, site ID, and domain ID?

Expand all sections

About this content

System Logging

Feature history: System logging
System logging
Configure system logging
Create a certificate signing request and install feature certificates
Viewing system log information
Verifying the trustpoint configuration on a device
Remote logging over TCP and TLS

Device Tagging

Feature history: Device tagging
Device tagging
Add device tags
Delete device tags

Configure Devices

Feature history for configure devices
Configure devices in Cisco Catalyst SD-WAN
Configure and manage device templates
Configuration prerequisites
Device configuration workflow
Configure and manage devices using SD-WAN Manager

Basic Settings for Cisco SD-WAN Manager

Basic system settings
Enforce a software version on devices
Configuring a login page banner
Configuring device basic settings
Configuring global system settings
Configuring NTP servers
Configuring a router as an NTP primary
Configure device time using CLI commands
Configuring GPS
Configuring automatic bandwidth detection
Proxy server for SD-WAN Manager HTTP and HTTPS traffic with external servers
Rate limit for bulk API requests
Configure device statistics collection
Configure the time interval for collecting device statistics
Configure the SD-WAN Manager server maintenance window
Configure system logging using CLI commands
Connect to a device by SSH terminal
View the rate limit for bulk API requests
Monitor NAT DIA endpoint trackers

Control component settings on Cisco SD-WAN manager

Feature history for Cisco SD-WAN Control Components settings on Cisco SD-WAN Manager
Cisco SD-WAN Control Components settings on Cisco SD-WAN Manager
Configure device specific control component network settings

Reverse Proxy

Feature history for reverse proxy
Reverse proxy
Provision certificates on the reverse proxy
Configure the reverse proxy settings
Configure reverse proxy settings on Cisco SD-WAN Controllers
Disable the reverse proxy
Monitor reverse proxy using the CLI

Wireless Management

Feature history for wireless management
Wireless management on ISR 1000 series routers
Configuring wireless management
Monitor wireless configuration on Cisco ISR 1000 series routers
Troubleshooting wireless configuration on Cisco ISR 1000 series routers

Cellular Gateway

Feature history for Cellular Gateway configuration
Cellular gateways
Configuring cellular gateways

CLI Templates for Cisco IOS XE Catalyst SD-WAN Devices

Feature history: CLI templates
CLI templates for Cisco IOS XE Catalyst SD-WAN devices
Using CLI templates in Cisco SD-WAN Manager
Sample configurations for CLI templates

CLI Add-On Feature Templates

Feature history for CLI add-on feature templates
CLI add-on feature templates
Create a CLI add-on feature template
Qualified CLI commands for CLI add-on feature templates

Cisco SD-AVC

Feature history for Cisco SD-AVC
Cisco SD-AVC
Installing and enabling Cisco SD-AVC, Releases 20.3.1 and later
Enable Cisco SD-AVC on Cisco vManage Release 20.3.1 through SD-WAN Manager 20.16.x
Enable Cisco SD-AVC on Cisco IOS XE Catalyst SD-WAN Devices

SD-AVC Cloud Connector

Feature history for Cisco SD-AVC Cloud Connector
Enabling Cisco SD-AVC Cloud Connector
Enable Cloud Services

Cisco SD-WAN Manager Data Storage

Cisco SD-WAN Manager data storage
Configure Cisco SD-WAN Manager data storage
Viewing Cisco SD-WAN Manager data storage information

Proxy server for SD-WAN Manager HTTP and HTTPS traffic with external servers

Updated: June 9, 2026

Want to summarize with AI?

On this page

Traffic

Benefits

Restrictions for a proxy server for HTTP and HTTPS traffic

Domain name resolution
SD-AVC container

Configure a proxy server for HTTP and HTTPS traffic

Describes configuration and restrictions for proxy servers handling HTTP and HTTPS traffic between SD-WAN Manager and external servers.

You can configure a proxy server to handle HTTP and HTTPS traffic between Cisco SD-WAN Manager and external servers.

Traffic

Here's some of the HTTP and HTTPS traffic SD-WAN Manager directs through a proxy, if configured:

HTTPS connection for Symantec or Cisco automated certificate request or renewal
REST API calls to URLs of these domains:
- cisco.com
- amazonaws.com
- microsoft.com
- office.com
- microsoftonline.com

Each 24 hours, SD-WAN Manager checks whether the proxy server is reachable. If the proxy server is unreachable, SD-WAN Manager raises an alarm: HTTPS proxy server {IP} not reachable

Benefits

Cisco SD-WAN Manager uses an HTTP or HTTPS connection to an external server for certain traffic, including:

Certificate request or renewal
Cisco Plug and Play integration
Smart Licensing Using Policy
Cloud OnRamp
Software image download
Data upload to Cisco SD-WAN Analytics

In releases earlier than Cisco vManage Release 20.5.1, you must permit this HTTP and HTTPS traffic in the firewall configured on your on-premises Cisco SD-WAN Manager instance. From Cisco vManage Release 20.5.1, you can channel HTTP and HTTPS traffic through a proxy server. With the proxy server configured, you can restrict HTTP and HTTPS communication with external servers while configuring the firewall and secure the system further.

Restrictions for a proxy server for HTTP and HTTPS traffic

These restrictions apply to using a proxy server for HTTP and HTTPS traffic between Cisco SD-WAN Manager and external servers.

Domain name resolution

When configured to communicate with external servers via an HTTP/HTTPS proxy server, SD-WAN Manager resolves fully qualified domain names (FQDNs) locally or through configured DNS servers, bypassing the proxy server.

SD-WAN Manager then sends the HTTP or HTTPS connections resulting from the resolution to the proxy server. DNS queries for the resolution of external server FQDNs must be successful before SD-WAN Manager can send the resulting connections to the proxy server for HTTP and HTTPS traffic.

SD-AVC container

There is no support for using the proxy server for traffic between the SD-AVC container, which operates as part of SD-WAN Manager, and external services.

Configure a proxy server for HTTP and HTTPS traffic

Configure a proxy server for HTTP and HTTPS traffic between Cisco SD-WAN Manager and external servers.

SD-WAN Manager verifies that the proxy server for HTTP and HTTPS traffic is reachable, and saves the server details in the configuration database. SD-WAN Manager then directs HTTP and HTTPS connections and REST API calls to external servers through the proxy server.

If the HTTP/HTTPS proxy server is not reachable, Cisco SD-WAN Manager displays an error message on the GUI indicating the reason for failure.

Before you begin

SD-WAN Manager uses HTTPs connection to www.cisco.com (previously, TCP port 7 echo request was used) to validate reachability of the proxy server. Ensure that you configure your firewall and proxy server to allow the echo requests to make the destination host ports accessible.
Enable out of band interface on single node using Administration > Cluster Management before configuring proxy server.

Perform these steps to configure a proxy server for HTTP and HTTPS traffic.

Procedure

	1.	From the Cisco SD-WAN Manager menu, choose Administration > Settings.
	2.	Open HTTP/HTTPS Proxy.
	3.	For the Enable HTTP/HTTPS Proxy setting, click Enabled.
	4.	Enter the HTTP/HTTPS Proxy IP Address and Port number. For releases before Cisco Catalyst SD-WAN Manager Release 20.13.1, enter an IPv4 address. For releases from Cisco Catalyst SD-WAN Manager Release 20.13.1, enter an IPv4 or IPv6 address.
	5.	Enter a Non Proxy Host/IP List of IP addresses or hostnames to exclude from use with the proxy server. Use the pipe (\|) character to separate items in the list.
	6.	Click Save.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.