Configuring agents to communicate through a forward proxy

If your firewall rules do not allow outbound HTTPS connections to external hosts, you can configure monitoring agents to send traffic to a forward proxy. Edit the KDH_FORWARDPROXY environment variable to configure agents to communicate through the forward proxy.

About this task

When a forward proxy is used, agents first open a TCP connection with the proxy. Agents send an HTTP CONNECT request and the target endpoint (Monitoring server) URL to the forward proxy. Then, the forward proxy establishes a TCP connection with the target endpoint and sets up an HTTP or HTTPS tunneling session between the agent and the Monitoring server.

Note: Agents do not support authenticating proxies, which means the agent does not support logging on to a forward proxy by using a configured proxy user ID and password.


  1. Open the agent environment configuration file in a text editor:

    • Linux® or Unix®: For Monitoring Agents or Cloud APM V8 agents, open the <install_dir>/config/global.environment file. The global.environment file configures all agents in the installation directory. For ITM V6 agents (IBM® Tivoli® Monitoring agents or ITCAM agents), open the <install_dir>/config/<pc>.environment file for each agent.

      Where <install_dir> is the installation directory of the agents, and <pc> is the agent product code.

    • Windows®: For 64-bit agents, open the <install_dir>\TMAITM6_x64\K<pc>ENV file. For 32-bit agents, open the <install_dir>\TMAITM6\K<pc>ENV file.

      Where <pc> is the agent product code.

      Configure the K<pc>ENV file for each agent. For a list of product codes, see Using agent commands.

  2. Edit the KDH_FORWARDPROXY environment variable to specify the proxy address and port.


    Here is an example:

  3. Restart the agent to implement your changes. See Using agent commands.