Exchange name change
Overview:
Interactive Brokers is completing an effort to update and consolidate exchange names where appropriate. When this effort is complete, the following updates will be in effect:
- GLOBEX and CMECRYPTO will be consolidated to a single exchange, ‘CME’
- ECBOT will be updated to ‘CBOT’
- COMEX listed metals (previously reflected as NYMEX) will be updated to exchange ‘COMEX’
- NYMEX, no change
Given the breadth of products involved, we are migrating in four waves based on underlying products:
| Key | Effective Trade Date | Products |
| Wave 1 | October 30, 2022 | GLOBEX: ZAR, LB, DA, IXE |
| Wave 2 | November 6, 2022 | GLOBEX: EMD, BRE, CHF, SOFR3, E7, NKD CMECRYPTO: BTCEURRR, ETHEURRR, MET |
| Wave 3 | November 13, 2022 | GLOBEX: All remaining products CMECRYPTO: All remaining products ECBOT: ZO, ZR, 2YY, 30Y NYMEX: ALI, QI, QC |
| Wave 4 | December 4, 2022 | ECBOT: All remaining products NYMEX: All remaining "Metal" products |
I am trading via API, how does this impact me?
For API clients the only requirement would be to provide a new exchange name, for example: exchange=”CME”, for existing contracts for the affected exchanges.
Old exchanges names will no longer be available after the change.
More details can be found within our FAQs through the following link: Upcoming Exchange name Changes
Note: If you are using a third party software connected to TWS or IB Gateway and that software does not recognize the new contract definitions, please contact the third party vendor directly.
How to Upload a Diagnostic Bundle from an IBKR Platform
Overview:
Some support related issues require diagnostics files and logs to be uploaded along with screenshots. The information will help our team to investigate and resolve the issue that you are experiencing.
This article will help you with detailed steps on how to upload diagnostics files and logs from various Interactive Brokers’ trading platforms.
Note: IBKR does not monitor the diagnostic bundle repository throughout the day. Should you spontaneously decide to upload a diagnostic bundle, without being instructed by Interactive Brokers, please inform our Client Services via Message Center ticket or phone call otherwise your error report will go unnoticed.
Please click on one of the links below, according to the platform you are using:
-
IBKR Mobile (Android)
-
IBKR Mobile (iOS)
1. Log in to TWS and try to replicate the issue that you are experiencing
2. Press ‘Help’ at the top left corner and select ‘Upload Diagnostics’. Alternatively, depending on your Operating System, you can use the following keyboard combinations
- For Windows and Linux Operating system: Press Ctrl+Alt+Q
- For Mac: Press Cmd+Option+H
3. The ‘Upload Diagnostics’ window will appear. You may enter the reason for uploading diagnostics in the text box
4. If an Interactive Brokers representative has instructed you to include previous days logs or select specific options when uploading diagnostics, click the dropdown on the right top corner, select ‘Advanced View’ and tick the correspondent checkboxes which will appear on the bottom left part
5. Make sure the checkbox ‘Include screenshot of entire desktop’ is enabled and press ‘Submit’
6. Do not perform any action/activity on your computer until you see the below pop-up, confirming that the diagnostics have been successfully uploaded
A) If you are at the login Screen:
1. Tap the three dots icon in the right top corner and select ‘Upload Diagnostics’
2. Add your username in the comment section and tap ‘Upload’
1. Tap the three lines icon in the top left corner to open the menu
2. Tap ‘Configuration’> ‘Trouble Reporting’> enable the check box next to ‘Debug mode’
3. If requested by an Interactive Brokers representative, enable the check box next to ‘Extended Log’ as well
5. Tap the three dots icon in the top right corner of the screen and select ‘Upload Diagnostics’
6. Enter your comments in comment section and enable the checkbox next to ‘Attach Screenshot’. Then tap ‘Upload’
A) If you are at the login Screen:
1. Tap five times in a quick sequence on the IBKR logo to open the testing menu
2. Under Configuration, enable the toggle button next to ‘Debug mode’
3. Tap ‘Send’ next to ‘Upload diagnostics’
4. Enter your username in the comments section and tap ‘OK’
1. Capture screenshots displaying the issue you are experiencing directly on the phone (pressing together the physical buttons Power + Volume Up)
2. Tap the option ‘More’ in the right bottom corner of the screen
3. Tap ‘Configuration’ and expand the section ‘Trouble Reporting’
4. Enable the toggle button next to ‘Debug mode’ and, next to ‘Upload diagnostics’, tap ‘Send’
5. The ‘Send Diagnostics’ page will appear. Enter your comments in comment section
6. Tap the ‘Attach Image’ button to attach screenshots of the issue that you have previously saved in your camera roll
7. Tap ‘Send’
1. Log in to the app
2. Tap the User icon in the top left corner and select ‘Settings’
3. Tap the option ‘Advanced’ and enable the toggle button next to ‘Debug mode’
4. If requested by an Interactive Brokers representative, enable as well the toggle button next to ‘Extended Log’
5. You will see an ‘Upload Diagnostics’ pop-up. Enter your comments in the field and tap ‘Upload’
Note: If you need to send us screenshots of IMPACT or IBKR GlobalTrader for Android, you would have to attach them to a Message Center web ticket, as explained in IBKB1071
1. Log in to the app
2. Capture one or more screenshots displaying the issue you are experiencing directly on the phone (pressing the physical buttons Power + Volume Up simultaneously)
3. Now tap the User icon in the top left corner and select ‘Settings’
4. Tap ‘Advanced’
5. Enable the toggle button next to ‘Debug mode’ and tap ‘Upload Diagnostics’
6. The ‘Send Diagnostics’ screen will appear
7. Enter your comments in the field and tap ‘Attach Image’ to attach the screenshot/s you previously saved in your camera roll
8. Tap ‘Send’
A diagnostic trace for Client Portal can be captured following the steps on IBKB3512
Generate RSA Key Pair on Windows
These instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements via sFTP, you would first need to generate an RSA Key pair.
To generate an RSA Key pair:
1. Download WinSCP.
2. Run the installer and make sure to check PuTTYgen (key generator) as one of the components to install.
3. Start WinSCP and from the button Tools select Run PuTTYgen.
2. Run the installer and make sure to check PuTTYgen (key generator) as one of the components to install.
3. Start WinSCP and from the button Tools select Run PuTTYgen.
4. Once the tool PuTTYgen has been launched, click Generate. Select RSA as Type of key to generate, 2048 as Number of bits in generated key and click on the button Generate.
5. Click "Save private key" and give the file a name (like private). Leave the extension as .ppk ('ale.ppk', in the picture below is an example filename).
Important Note: do NOT save your public key yet. Save only your private one.
.png)
6. Open WinSCP, create a new connection and:
- Select SFTP as File protocol.
- Enter xfer.interactivebrokers.com in the Host name field.
- Enter 32 in the Port number field.
7. Click on the button Advanced.
8. In the Advanced Site Settings screen, left side menu, expand SSH and select Authentication. Click on the button ... at the end of the field Private Key file and open the private key you previously saved at point 5):
8. In the Advanced Site Settings screen, left side menu, expand SSH and select Authentication. Click on the button ... at the end of the field Private Key file and open the private key you previously saved at point 5):
9. Click on the button Display public key:
10. Click on the button Copy Key.
11. Open Notepad, press CTRL+V to paste the key string (which is one string of characters without spaces) and then save the file with the name public.key in a folder of your preference:
11. Open Notepad, press CTRL+V to paste the key string (which is one string of characters without spaces) and then save the file with the name public.key in a folder of your preference:
12. Send the file you saved at the previous step to us via Message Center ticket or email as per instructions on IBKB3842
14. Once the IBKR Sales Engineering Team has configured the parameters for your connection on our servers, you will be able to access your SFTP repository by using the connection you have created.
Related articles
KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
Transferring your Key Pair From One Computer To Another
Background:
If you need to decrypt files that were encrypted with your private Key on an additional computer, you need to copy both your private and public keys (the entire Key pair) to that computer.
Note: this tutorial assumes you have already set up a Key pair. If you need guidance to set up the Key pair please refer to this article, which is a prerequisite to the instructions below.
How to transfer your Key pair:
Please select one of the below links, according to your Operating System:
Windows
1. On the machine where the encryption keys are stored, connect a USB drive to a free USB port.
2. Launch the Kleopatra application and select the encryption key you want to transfer. Then right-click on the selection and choose Backup Secret Keys...
Note: Do NOT use Export..., as this will only export the public part of the Key while you need to have a backup of both public and private parts.
3. Select your USB drive as destination and a filename of your preference (e.g. secret-key-KEYID.asc) for your backup copy. Then click Save.
4. Enter the passphrase you have set when you created the Key and click OK.
5. A pop-up will confirm the backup has been successfully created. Click OK.
6. Eject your USB drive safely through the Windows interface to prevent data loss and connect it to a free USB port on the other computer (the one you want to transfer the key to). All the next steps have to be executed on that machine.
7. Make sure the the GPA software is installed, otherwise please install it. Make sure that the component Kleopatra is selected as one of the sub components to include in the installation.
8. Launch the Kleopatra application and click on the top menu File and select Import...
9. Click on the letter correspondent to your USB drive and select the file you have previously saved (e.g. secret-key-KEYID.asc). Then click Open.
10. Click on Yes, It's Mine.
11. A pop-up will confirm the Key has been successfully imported. Click OK. You may now want to delete the key file from the USB drive and empty the Trash.
macOS
1. On the machine where the encryption keys are stored, connect a USB drive to a free USB port.
2. Launch the GPG Keychain application and select the encryption key you want to transfer. Please make sure that you see the text Type: Secrete and public key, in the Type column.
.png)
3. With the desired encryption key highlighted, click Export. Please make sure to check the box for the option Include secret key in exported file, as illustrated in the above screenshot. Save the key pair to the USB drive.
4. Eject the USB drive and connect it to a free USB port on the other computer (the one you want to transfer the key to). All the next steps have to be executed on that machine.
5. Make sure the GPG Tools suite is installed, otherwise please install it.
6. Launch the GPG Keychain application and click the icon Import on the top toolbar.
(1).png)
7. Click the USB Drive and select the previously saved .ASC file that contains the Public and Private key. Then click Open.
8. The confirmation should read Import successful.
9. Once the key has been successfully imported, delete the key file from the USB drive and empty the Trash.
Related articles
KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
Decrypting Reports Using Your PGP Key Pair on macOS
Note: This tutorial assumes you received reports via email or via FTP that were encrypted with the public key you sent to IBKR . If you need guidance to set up the encrypted statement delivery, please refer to this article, which is a prerequisite to the instructions below.
1. Open Finder
2. Right click on the .gpg file you want to decrypt
3. Select Services > OpenPGP: Decrypt File
Common Issues/Questions
- Decryption failed with error 'No Secret Key'
This is commonly caused when the wrong encryption key is used to decrypt the file. If decryption is being done on a computer other than the original computer used to create the public/private keys, the keys would have to be transferred from the original computer to the new computer.
If the above does not help, then a new public/private key pair needs to be created and sent to us.
Related articles
KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
Decrypt Your Reports Using GPG for Windows
Note: This tutorial assumes you received reports via email or via FTP that were encrypted with the public key you sent to IBKR. If you need guidance to set up the encrypted statement delivery, please refer to this article, which is a prerequisite to the instructions below.
How to decrypt files using Kleopatra:
1. Save all the encrypted Reports you received via email or FTP in a folder on your preference (e.g. Desktop)
2. Start the Kleopatra application (included in Gpa4win software). The entry for your Key should be listed in the All Certificates panel. Click the top menu File and select Decrypt/Verify...
3. Open the folder containing your encrypted files and select the ones you want to decrypt.
4. Provide the passphrase you set when you create your Key.
5. The files will be decrypted and the outcome of the operation will be displayed within the panel. You can change the output folder (where the decrypted files will be saved) if you wish. Click Save All to finalize the process.
Note: do NOT click Discard, otherwise the decrypted files will not be saved.
6. Open the Windows File Explorer and navigate to the output folder you selected at the previous step. From there, you can access and open your clear-text files.
Common Issues/Questions
- Decryption failed with error 'No Secret Key'
This is usually caused by the wrong encryption key being used to decrypt the file. If decryption is being done on a computer other than the original computer used to create the public/private keys, the keys would have to be transferred from the original computer to the new computer.
If the above does not help, then a new public/private key pair needs to be created and sent to us.
References
KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair
KB4323 - How to transfer your public/private key pair from one computer to another
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair
KB4323 - How to transfer your public/private key pair from one computer to another
How to generate a ".har" file
Background:
When troubleshooting a non-trivial website issue, it is sometimes necessary for our Client Services team to obtain additional information about your browser communication. You may be asked record and provide a .har file. This file contains additional information about the network requests that are sent and received by your browser. Your browser can generate such file by recording content, timeline and status of HTTP/HTTPS requests and responses while the issue occurs.
In this article we explain how to generate a .har file. Please click on the browser that you use in the list below:
To generate the HAR file for Google Chrome:
1. Open Google Chrome and go to the page where the issue is occurring.
2. Press CRTL +SHIFT + I on your keyboard. Alternatively, click on the Chrome menu icon (three vertical dots at the top-right of your browser window) and select More Tools > Developer Tools
3. The Developers Tools opens as a docked panel at the side or bottom of Chrome. Select the tab Network (Figure 1.)
Figure 1.
.png)
4. Look for a round Record button in the upper left corner of the Developer Tools toolbar and make sure it is red. If it is grey, click it once to start recording or just press CTRL+E (Figure 2.)
Figure 2.
5. Activate the checkbox Preserve log (Figure 3.)
Figure 3.
.png)
6. Click the Clear button to clear out any existing logs. The Clear button has a stop icon and is located on the right of the Record button (Figure 4.)
Figure 4.
7. Reproduce the issue you are experiencing while the network requests are being recorded.
8. Once you have reproduced the issue, right-click anywhere on the list of recorded network requests, select Save all as HAR with Content, and save the file to a location of your preference on your computer (e.g. on your Desktop).
9. From the IBKR Client Portal, go to the Message Center and create a new Web Ticket (or use an existing one when applicable)
10. Within the Web Ticket, attach the .har file previously generated. In case the IBKR Client Services has provided you with a reference ticker number or representative name, please add this information to the ticket body.
11. Submit the Web Ticket
To generate the HAR file for Firefox:
1. Open Firefox and go to the page where the issue is occurring
2. Press F12 on your keyboard. Alternatively click the Firefox menu icon (three horizontal parallel lines at the top-right of your browser window), then select Web Developer > Network
3. The Developers Network Tools opens as a docked panel at the side or bottom of Firefox. Select the tab Network (Figure 5.)
Figure 5.
4. Activate the checkbox Persists logs (Figure 6.)
Figure 6.
5. Reproduce the issue you are experiencing. The recording of the network request starts automatically.
6. Once you have reproduced the issue, right-click anywhere on the list of recorded requests and select Save All As HAR
7. Save the file to a location of your preference on your computer (e.g. on your Desktop)
8. From the IBKR Client Portal, go to the Message Center and create a Web Ticket (or use an existing one when applicable)
9. Within the Web Ticket, attach the .har file previously generated. In case the IBKR Client Services has provided you with a reference ticker number or representative name, please add this information to the ticket body
10. Submit the Web Ticket
To generate the HAR file for Microsoft Edge:
1. Open Edge and go to the page where the issue is occurring.
2. Press F12 on your keyboard. Alternatively click the Edge menu icon (three horizontal dots at the top-right of your browser window), then select More Tools > Developers Tools
3. Click the Network tab (Figure 10.)
Figure 10.
.png)
4. Reproduce the issue that you were experiencing before, while the network requests are being recorded.
5. Once done click the floppy disk icon (Export as HAR) or press CTRL+S (Figure 11.)
Figure 11.
6. Provide a filename and a location of your preference on your computer (e.g. on the Desktop). Then click the Save button
7. From the IBKR Client Portal, go to the "Message Center" and create a Web Ticket (or use an existing one when applicable)
8. Within the Web Ticket, attach the .har file previously generated. In case the IBKR Client Services has provided you with a reference ticker number or representative name, please add this information to the ticket body.
9. Submit the Web Ticket
To generate the HAR file for Safari:
Note: Before generating the HAR file, make sure you can see the Develop menu in Safari. If you do not see this menu, click on the menu Safari, choose Preferences, go to the tab Advanced and activate the checkbox next to Show Develop menu in menu bar
1. Open the Develop menu and select Show Web Inspector or press CMD+ALT+I
2. Click the Network tab (Figure 12.)
Figure 12.
3. Activate the checkbox Preserve log (Figure 13.)
Figure 13.
.png)
4. Click on the icon Export (or press CMD+S), provide a filename and a location of your preference on your computer (e.g. on the Desktop) and save the .har file
5. From the IBKR Client Portal, go to the "Message Center" and create a Web Ticket (or use an existing one when applicable)
6. Within the Web Ticket, attach the web archive file previously generated. In case the IBKR Client Services has provided you with a reference ticker number or representative name, please add this information to the ticket body.
7. Submit the Web Ticket
How to use Voice callback for receiving login authentication codes
Background:
If you have SMS enabled as two-factor authentication method, you may use Voice callback to receive your login authentication codes. This article will provide you steps on how to select voice callback when logging in to our platforms.
How to use Voice callback
You may select Voice if you do not receive your login authentication code. You will then receive your login authentication code via an automated callback. Follow the instructions below, depending on which platform you are trying to login to.
Client Portal
1. Click on "Didn't receive a security code?"
2. From the two options, select "Voice" and wait for the callback.
3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.
TWS
1. Click on "Request new Security Code"
2. From the two options, select "Voice" and click on OK. Then wait for the callback.
3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.
Note: Voice callback for the TWS is only available in the LATEST and BETA version.
IBKR Mobile - iOS
1. Click on "Request New Code"
2. From the two options, select "Voice" and wait for the callback.
3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.
IBKR Mobile - Android
1. Click on "Request New Security Code"
2. From the two options, select "Voice" and wait for the callback.
3. After selecting Voice, you should receive the callback within a minute. Please wait for the callback and be ready to write down the code that will be provided over the callback.
References:
- How to login using SMS authentication
- Overview of Secure Login System
- Information and procedures related to Security Devices
- IBKR Mobile Authentication
IBKR Mobile Authentication (IB Key) Use Without Notifications
In case your smartphone is unable to receive IBKR Mobile notifications, you can still complete the login process using the IBKR Mobile Authentication (IB Key) Challenge/Response method, described on the following pages (according to your device operating system):
The same information applies to you if your phone has no Internet connectivity (you are in roaming, out of coverage, without an active mobile data plan, etc.)
If your smartphone is unable to receive IBKR Mobile notifications despite having Internet connectivity, we recommend you to perform the steps outlined in the IBKR Knowledge Base.
TWS / IB Gateway and their interaction with Proxy servers
Table of contents
Configuration instructions
- Can the TWS / IB Gateway operate through a Proxy server, and how?
- If I use a SOCKS Proxy server, do I need to configure the TWS / IB Gateway?
- If I use a SOCKS Proxy server, do I need to configure the client machines where TWS / IB Gateway runs?
- If I use a Web (HTTP) Proxy server, do I need to configure the TWS / IB Gateway?
- What alternatives do I have in case I cannot implement a proxy solution on my network?
Common issues
Technical Background
Configuration instructions
1. Can the TWS / IB Gateway operate through a Proxy?
Upon start-up and during the run-time, the TWS / IB Gateway must establish and maintain direct network connections to our gateways and market data servers1. Such connections are created from random local TCP ports (above 1024) and are directed to TCP ports 4000 and TCP 4001. Since those are not HTTP connections, they cannot be serviced by a Web (HTTP) Proxy. They can only be serviced by a SOCKS Proxy.
From within the TWS interface, you can access several external services, such as IBKR Client Portal, Statements, Contract details, Bond Search, etc. Those services, being web-based, can be accessed through a Web (HTTP) Proxy (see section 6 for details and configuration) or through a SOCKS Proxy (see sections 4. and 5. for details and configuration).
2. If I use a SOCKS Proxy server, do I need to configure the TWS / IB Gateway?
The TWS / IB Gateway does not contemplate an option for SOCKS proxy forwarding. Therefore, it does not have a place where an explicit SOCKS Proxy host/port can be configured. This does not mean that the TWS / IB Gateway cannot work with a Proxy. It simply means that the TWS / IB Gateway is unaware of the underlying SOCKS proxy setup (proxy-agnostic).
Important Note: While it is impossible for us to determine whether a Proxy is enabled on your network, we assure you that all IBKR platforms, including the TWS, do not impact nor influence your network configuration.
3. If I use a SOCKS Proxy server, do I need to configure the client machines where TWS / IB Gateway runs?
The connections started by the TWS / IB Gateway can be redirected to a SOCKS (Application) Proxy through a specific client machine setup. We mention some of them below. Please note that the final decision is yours and none of the below suggestions can be recommended by us as best adapted to your setup and requirements.
3a. Using a Proxy Client software installed on the client machine where TWS / IB Gateway is running
With this setup, the Proxy client will intercept the connections (not only HTTP but for other ports as well) initiated by the TWS / IB Gateway and redirect them to a SOCKS proxy server. The typical benefits of a transparent proxy include a standard enterprise configuration where all clients routed to the Internet will always be filtered and protected no matter what the end users do, or change, on their machines and the added benefit of reduction in typical user’s client-proxy configuration troubleshooting.
3b. Using a so-called Proxifier
This configuration is very similar to the one at point 5a with the only difference that the Proxifier software can be set to redirect to a Proxy all the requests started by a specific process (e.g., C:\Jts\tws.exe; C:\JTS\ibgateway\XYZ\ibgateway.exe), hence instating a process level packet forwarding instead of a port level forwarding. This setup allows handling environments where different proxy servers are used for different applications or where you would like to address a specific application requirement without modifying/disrupting the connectivity schema for other software installed. The advantage of this solution is minimal maintenance since the connectivity schema is bound to the process and not to the hosts/ports.
3c. Using specific network routing on a client machine
With this setup, you can modify the client machine standard network routes, adding new ones in order to forward packets with specific destinations (e.g., Order routing and Market Data servers1) to a different gateway.
This gateway will then be in charge of routing those requests to the destination hosts. This solution has as well the benefit of not modifying/disrupting the connectivity schema for other software installed but usually requires more maintenance on the gateway and on the client machine in case the IP of the destination servers are changed or in case new servers are added.
4. If I use a Web (HTTP) Proxy server, do I need to configure the TWS / IB Gateway?
If the Workstations on your local network access the Web content through a Web (HTTP) Proxy, you need to specify the Web Proxy IP Address and port. To do this, click More Options at the bottom of the TWS Login Screen, and enter your Proxy server details in the fields Host and Port (see Figure 1 below). The same fields are present in the IB Gateway Login Screen.
Figure 1.
The Web Proxy you set there will ONLY be used to fetch the web content accessible from within the TWS (e.g., Client Portal, Statements, Product Details, etc.)
5. What alternatives do I have in case I cannot implement a proxy solution on my network?
In this case, you might orient yourself towards a different type of access to the IBKR infrastructure, which includes a special connection type and a FIX/CTCI engine setup. This setup would, on the other hand, have different requirements in terms of commissions2.
Common Issues
6. What happens if the proxy configuration on your computer is wrong or outdated?
Occasionally, third-party software, even if already uninstalled, may leave behind a SOCKS proxy configuration on your computer. This may also happen if your computer has been infected with malware. In such cases, the proxy server, although configured, is non-existent or not accessible on the network. In such scenarios, the TWS will show an error message (e.g., No Internet Connectivity) and/or start the "Connection attempt #" loop upon login. The same will happen if the Proxy server exists, but has not been correctly configured on the client machines.
6a. How can I correct the proxy configuration if wrong?
When applicable, we recommend you always consult the IT / Networking team of your company first and ask for guidance.
If you are autonomously managing your network, please follow the instructions below according to the Operating System of your machine/s:
Windows
W.1 Press CTRL+S to open the Windows search
W.2 Type Proxy Settings and press Enter
W.3 If no Proxy is present on your network, make sure the switch "Use a proxy server" is deactivated (see Figure 2 below). If a Proxy server is active on your network, make sure the Address (or hostname) and Port are correctly defined.
Figure 2.
Mac
M.1 Click on the Apple icon at the top left corner of the screen and select System Preferences
M.2 Click on Network
M.3 Select the Network connection you are using to access the Internet (e.g. Wi-Fi) and click on it
M.4 Click on the Advanced button and then on the Proxies tab
5. If no proxy is present on your network, make sure all the checkboxes (SOCKS Proxy, Web Proxy, Secure Web Proxy) are deactivated (see Figure 3 below). If a Proxy is present on your network, ensure the Protocol, Address (or hostname) and Port are correct.
Figure 3.
7. You are using Public proxies and proxy chains to hide your presence or identity
There are public proxy and proxy chain services purposed to disguise or hide the identity and the activity of the subscriber or to bypass regional restrictions. One of the most famous services is the "Tor" network.
While those services may not necessarily be used for criminal purposes, they render subscriber traceability very difficult when not impossible. Since IBKR is obliged by the financial industry regulators to maintain records of trading activities and trade initiators, we do not allow our clients to reach our systems while using an anonymizing service. If you are using such a service, your TWS connection attempts will be automatically rejected by our gateways.
Technical Background
A proxy server usually acts as a gateway and as a barrier between your local network and the Internet. The proxy listens for outgoing connection requests from the internal workstation/s and forwards them to the desired target host or service on the Internet. When the target replies to such requests, the proxy routes the incoming responses back to the internal workstation/s that initiated the process.
Being the proxy, the only machine of your network actually accessing the Internet, it prevents the other machines and the internal segment of your network (LAN) from being accessible by external actors and hence from being exposed to threats and intrusion attempts.
Additionally, a proxy server can offer a variety of other services, such as web content caching and filtering.
9. Which types of Proxy servers are commonly used and where?
Proxy servers are commonly found within enterprise-grade networks. In the vast majority of cases, proxies are not used by individuals since private broadband connections are established through consumer-grade routers that already offer built-in proxy/firewall solutions. An exception is represented by public proxy or proxy chains discussed in detail in the section You are using Public proxies and proxy chains to hide your presence or identity
There are two main types of Proxy servers:
The HTTP (Hypertext Transfer Protocol) defines the rules and the standards for fetching Web content from a Web server and rendering such content on your Web Browser.
A Web Proxy handles only the routing of HTTP requests and HTTP responses. Those requests are transparently generated and sent by your browser whenever you access a Web page. Such requests are normally sent using specific ports (TCP 80 and TCP 443). Hence a Web Proxy usually listens for outgoing HTTP requests coming from your internal network (LAN) only on the TCP ports mentioned above.
SOCKS (Socket Secure) Proxies are designed to handle any type of traffic (not only HTTP/S traffic), generated by any protocol or program (including Trader Workstation).
Notes
1. More information about the servers accessed by the TWS is available in IBKB2816.
2. For an overview of the different special connection options and related requirements, please click here.
For an overview of the FIX infrastructure, please click here.
