When the Core server is configured to use the Metadata Based Patch Distribution model, the Agent on the managed device requests binaries from the Satellite server to patch vulnerabilities.
On the Satellite Console, you can use the Patch Management link to configure Satellite servers to either retrieve the requested binaries from the Internet through the Patch Gateway or to forward the request to the configured upstream server.
When you disable the Patch Gateway, the Satellite server will forward the request for the patch binaries to the upstream server. This is the default setting for this option. When you enable the Patch Gateway, the Satellite server will retrieve the patch binaries directly from the Internet. Enabling the gateway is recommended because it is a more efficient and direct way to acquire the binaries and allows you to fine tune how long you want to cache the binaries based on the needs of your enterprise.
If a proxy server is required to access the Internet, go to the Proxy Settings link on the Configuration tab in the Satellite console. The instructions are the same as those provided in Proxy Settings for the Core Console except that the Proxy Settings link is not located under Infrastructure Management in the Satellite Console. It is a top-level link.
To configure the Patch Gateway on the Satellite server: