Configuring Web Reverse Proxy

At this point, the Unified Access Gateway has been deployed and you are able to access the Unified Access Gateway administration console to add and change configurations of your Unified Access Gateway appliance.

This exercise shows you how Unified Access Gateway can be used as a Web reverse proxy, and can act as either a plain reverse proxy or an authenticating reverse proxy in the DMZ. In this exercise, you learn how to set up a plain reverse proxy.


1. Power ON Intranet VM

Power ON Intranet VM

Return to the vSphere Web Client to Power ON the VM Intranet, which is hosted on the internal network to be used as part of the Web Reverse Proxy exercise.

  1. Click VM and Templates.
  2. Click Intranet.
  3. Click Power ON Icon.

2. Access Unified Access Gateway Administration Console

Access UAG Admin UI
  1. Click the New Tab button to open a new tab.
  2. Browse to or click the UAG Internal Admin Console bookmark.
  3. Enter admin for the username.
  4. Enter VMware1! for the password (created for the Admin API in the Deploy OVF Wizard).
  5. Click Login.

3. Select Configure Manually

Access Settings

Click Select on Configure Manually.

4. Access Reverse Proxy Settings

Acessing Reverse Proxy Settings
  1. Click the Show toggle by Edge Service Settings. After you click, it switches to Hide.
  2. Click the gear icon next to Reverse Proxy Settings.

5. Add Reverse Proxy Settings

Adding Reverse Proxy Settings

Click Add to create a new reverse proxy settings that can be used to access the intranet.

6. Define Features Used by Reverse Proxy

Enabling Reverse Proxy Settings

Click Enable Reverse Proxy Settings only. The toggle switches to YES.

The Unified Access Gateway identity bridging feature can be configured to provide single sign-on (SSO) to legacy Web applications that use Kerberos Constrained Delegation (KCD) or header-based authentication. However this feature is not enabled for this exercise.

7. Configure Intranet Reverse Proxy Settings

Configuring Intranet settings for Reverse Proxy
  1. Enter intranet for the Instance Id, which is a unique name to identify and differentiate a Web reverse proxy instance from all other Web reverse proxy instances.
  2. Enter http://intranet.corp.local for Proxy Destination URL, which represent the address of the Web Application.
  3. Enter (|/intranet(.*)|) for Proxy Pattern, which specifies that the matching URI paths will forward to the destination URL.
  4. Click Save.

Additional parameters can be configured for this type of reverse proxy. For more information, see Configure Reverse Proxy With VMware Identity Manager.

8. Close the Reverse Proxy Settings

Configuration saved sucessfully

Click Close.

9. Validating Reverse Proxy Configuration

Validating reverse proxy configuration for intranet
  1. Click the arrow down for the Reverse Proxy Settings.
  2. Click the refresh icon for the Edge Service Settings.
  3. Confirm the intranet proxy status is GREEN.

After you add the reverse proxy settings for intranet, the Unified Access Gateway appliance tests the communication between Unified Access Gateway appliance and intranet. The status turns GREEN if a connection is possible, and otherwise it shows RED.

Note: It can take a few minutes for the intranet proxy to show as GREEN. If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.

10. Accessing Intranet through Reverse Proxy

Intranet access through Reverse Proxy
  1. Click the New Tab button to open a new tab.
  2. Enter in the address bar and press Enter.
    Note: resolves, which is associated to the Unified Access Gateway internet NIC.

The result is a sample intranet page hosted on an internal IIS Server.

  • Access to the intranet goes through Unified Access Gateway port 443, as result of the TLS port sharing configuration enabled by default during deployment.
  • Access to the Admin UI goes through Unified Access Gateway port 9443 and IP, associated with the internal NIC.


Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.