Im in a process of architecturing a Veeam setup for an OT environment, where the network restrictions is pretty, strict...
I need to use an HTTPS proxy for connection from VSA to an external S3 storage.
When using the HTTP/HTTPS proxy feature in VSA and VHR, theres a textfield called 'No Proxy for', what entrys does it accept?
Whole network segments or only specific IP adresses? Or both?
Not alot of information to find about that.
A quick update: the "No Proxy for" field supports the following exclusions:
- Single IP addresses: e.g. 192.168.1.5,172.20.11.20
- Domain wildcards: e.g. demo.domain.com,domain.com,.com
For domain wildcards: adding domain.com ensures HTTP/S connections to both domain.com and *.domain.com bypass the proxy server.
I hope this helps. We’ll update the Help Center soon with example configurations.
Proxy works differently from firewalls — you don’t exclude entire target subnets, as proxy clients operate based on the URL being accessed.
It’s also important to note that not all Veeam components use the system proxy settings under Host Management. For example, Veeam Updater has its own proxy configuration. I’m currently checking which components rely on the system proxy settings, with the goal to add them to the documentation as well.
Could you share which specific endpoints you’d like to bypass from connecting through the proxy server? Are these perhaps internal Object Storage nodes? That would help me provide a more accurate recommendation or raise an improvement request if needed.
