Hi and welcome to the forum 
Foreman Smart-Proxies are designed for the use-case you are describing, but they do not work like a classical proxy. The architecture with smart-proxy is essentially the following:
- You have your Foreman Server as a central management instance, where you assign things like Puppet environment, classes and parameters to send via Puppet ENC, etc.
- On each separated subnet you deploy a smart-proxy server. For Puppet functionality, this server acts as a standalone puppet-master. It communicates with the central Foreman for ENC information, but is otherwise it’s own, standalone Puppetserver.
- Some Foreman Smart-Proxy features act differently, more in the way you would assume by the name of “proxy” (essentially routing the requests through to Foreman), but for Puppet that is not the case.
I hope this clears your questions.
Regards