For the Bluemix Secure Gateway service, how does the data center's network need to be configured?

I am going to use Secure Gateway service in Bluemix and I have some questions about how I should make it work.

1. Systems in my data center's intranet access the Internet through a proxy (with no authentication). Can Secure Gateway connect to Bluemix via a proxy?
2. Does it connect to Bluemix via HTTPS protocol?
3. The network admins asked me: What are the IPs (or the IP range) of Bluemix, any idea?

Thank you very much.

A Secure Gateway instance runs in two parts, as shown in "Reaching enterprise backend with Bluemix Secure Gateway via console": the gateway and the gateway client. The gateway runs in Bluemix, the gateway client runs in the data center containing one or more systems of record to connect to. The gateway client needs network access to the Bluemix data center (typically via the Internet) and to the systems of record (via the data center's internal network). The gateway client initiates the connection, so it needs to know Bluemix's address, but Bluemix doesn't need to know the gateway client's address.

To answer your questions specifically:

1. A proxy isn't supported. The gateway and its client need direct access to each other.
2. The connection uses HTTPS for SSL encryption. The transport level security (TLS) options can be used to add authentication.
3. Bluemix's IP addresses aren't published.