Berkeley Lab’s IT Division offers a secure web proxy service designed to support devices that require internet access but operate in protected or sensitive environments. Known as the LBLnet Web Proxy, this service helps bridge the gap between devices that cannot connect directly to the internet and the web-based resources they need.
Why Use a Web Proxy?
Many systems at the Lab are intentionally isolated from the public internet to reduce cybersecurity risks. These systems often rely on access control lists (ACLs) or other protections to block unauthorized connections. However, even protected systems sometimes need limited access to the internet—to download software updates, send system status reports, or connect to vendor services.
The LBLnet Web Proxy provides a secure and controlled method for this kind of connectivity. Instead of opening up a system to direct exposure, administrators can route http and https traffic through the proxy server, located at http://proxy.lbl.gov on port 3128.
Ideal Use Cases
The web proxy is well-suited for:
- Protected Systems such as:
- Intelligent Platform Management Interfaces (IPMI)
VMware ESXi hosts - Network-Attached Storage (NAS) systems
- Facilities control systems
- Scientific instruments
- Intelligent Platform Management Interfaces (IPMI)
- Lab networks that need internet access but lack the resources for a dedicated firewall
- Devices needing to reach external sites without being discoverable via internet scans
The proxy supports outbound traffic only. This means outside servers cannot initiate communication with the devices using the proxy, preserving internal network security.
What the Proxy Is Not For
This service is not intended for general web browsing or to replace standard network access. It is also not filtered, so any destination normally reachable from LBLnet will be accessible through the proxy. If your use case requires destination restrictions, reach out to LBLnet for custom solutions.
Performance and Reliability
The service is built for low-bandwidth needs—averaging under 1 Mbps and peaking below 100 Mbps. It is ideal for tasks like updating software or syncing with cloud-based vendor services. Although designed for 99% uptime, occasional outages (lasting minutes to hours) may occur without warning. It is not recommended for systems that require high availability or large-scale data transfer.
How to get Started
The proxy is self-service and requires no registration or approval. Simply configure your device using the following settings:
- Server address: http://proxy.lbl.gov
- Port: 3128
- Location: Must be connected to LBLnet at a Berkeley Lab facility
Following is a list of device-specific setup instructions:
- MacOS: Select the Apple menu > System Settings > Network, then select a network service > Details > Proxies.
- Windows: Select the Start button, then select Settings > Network & Internet > Proxy. Under Manual proxy setup, turn on Use a proxy server.
- iOS: Go to Settings > Select Wi-Fi, then select the Wi-Fi network you’re connected to > Configure Proxy (bottom of the page)
- Android: Go to Settings > Select Wi-Fi, then select the Wi-Fi network you’re connected to > Proxy. Please refer to documentation for your phone OS for more detailed instructions.
- Linux: Setup can be completed via the command line or GUI. Please follow instructions for your distribution.
Contact the IT Help Desk if you encounter configuration issues or need help updating network ACLs.
in the bottom right or navigate to