Configuring Web Reverse Proxy

At this point, the Unified Access Gateway has been deployed and you are able to access the Unified Access Gateway administration console to add and change configurations of your Unified Access Gateway appliance.

This exercise shows you how Unified Access Gateway can be used as a Web reverse proxy, and can act as either a plain reverse proxy or an authenticating reverse proxy in the DMZ. In this exercise, you learn how to set up a plain reverse proxy.

 

1. Power ON Intranet VM

Return to the vSphere Web Client and power on the Intranet VM, which is hosted on the internal network and is used in the Web Reverse Proxy exercise.

  1. Click VM and Templates.
  2. Click Intranet.
  3. Click the Power ON icon.

2. Access Unified Access Gateway Administration Console

Access UAG Admin UI
  1. Click the New Tab button to open a new tab.
  2. Browse to https://uagmgt-int.airwlab.com:9443/admin or click the UAG Internal Admin Console bookmark.
  3. Enter admin for the username.
  4. Enter VMware1! for the password (created for the Admin API in the Deploy OVF Wizard).
  5. Click Login.

3. Select Configure Manually

Access Settings

Click Select on Configure Manually.

4. Access Reverse Proxy Settings

Accessing Reverse Proxy Settings
  1. Click the Show toggle by Edge Service Settings. After you click, it switches to Hide.
  2. Click the gear icon next to Reverse Proxy Settings.

5. Add Reverse Proxy Settings

Adding Reverse Proxy Settings

Click Add to create a new reverse proxy setting that can be used to access the intranet.

6. Define Features Used by Reverse Proxy

Enabling Reverse Proxy Settings

Click Enable Reverse Proxy Settings only. The toggle switches to YES.

The Unified Access Gateway identity bridging feature can be configured to provide single sign-on (SSO) to legacy Web applications that use Kerberos Constrained Delegation (KCD) or header-based authentication. However, this feature is not enabled for this exercise.

7. Configure Intranet Reverse Proxy Settings

Configuring Intranet settings for Reverse Proxy
  1. Enter intranet for the Instance Id, which is a unique name to identify and differentiate a Web reverse proxy instance from all other Web reverse proxy instances.
  2. Enter http://intranet.corp.local for Proxy Destination URL, which represents the address of the Web application.
  3. Enter (|/intranet(.*)|) for Proxy Pattern, which specifies the URI paths that are forwarded to the destination URL.
  4. Click Save.

Additional parameters can be configured for this type of reverse proxy. For more information, see Configure Reverse Proxy With VMware Identity Manager.
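
To see which request paths the Proxy Pattern from step 7 would hand to the destination URL, the following added example (not part of the original exercise and not VMware code) evaluates it against constructed paths. It assumes the appliance applies the pattern as a regular expression that must match the whole URI path; STRICT_PATTERN and the sample paths are hypothetical.

```python
import re

# Pattern exactly as entered in step 7 of this exercise.
LAB_PATTERN = r"(|/intranet(.*)|)"
# Hypothetical tighter variant (not from the exercise): /intranet itself,
# or anything below it separated by "/".
STRICT_PATTERN = r"(/intranet(/.*)?)"

# Constructed sample request paths, not taken from a real appliance log.
SAMPLE_PATHS = [
    "/intranet",
    "/intranet/",
    "/intranet/hr/policy.html",
    "/intranet-old/index.html",
    "/intranetadmin",
    "/admin",
    "/",
    "",
]


def is_forwarded(pattern: str, path: str) -> bool:
    """Assumption: a request is forwarded when the whole path matches."""
    return re.fullmatch(pattern, path) is not None


def audit(pattern: str, paths: list[str]) -> dict[str, bool]:
    """Map each path to whether the pattern would forward it."""
    return {p: is_forwarded(pattern, p) for p in paths}


def broader_than(wide: str, narrow: str, paths: list[str]) -> list[str]:
    """Paths that `wide` forwards but `narrow` does not."""
    return [p for p in paths
            if is_forwarded(wide, p) and not is_forwarded(narrow, p)]


if __name__ == "__main__":
    for path, hit in audit(LAB_PATTERN, SAMPLE_PATHS).items():
        print(f"{path!r:32} {'forward' if hit else 'no match'}")
    print("only matched by the lab pattern:",
          broader_than(LAB_PATTERN, STRICT_PATTERN, SAMPLE_PATHS))
```

Under that assumption, the trailing (.*) also matches sibling paths that merely begin with /intranet, which is worth reviewing when the same host name fronts more than one reverse proxy instance.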

8. Close the Reverse Proxy Settings

Configuration saved successfully

Click Close.

9. Validating Reverse Proxy Configuration

Validating reverse proxy configuration for intranet
  1. Click the arrow down for the Reverse Proxy Settings.
  2. Click the refresh icon for the Edge Service Settings.
  3. Confirm the intranet proxy status is GREEN.

After you add the reverse proxy settings for intranet, the Unified Access Gateway appliance tests the communication between Unified Access Gateway appliance and intranet. The status turns GREEN if a connection is possible, and otherwise it shows RED.

Note: It can take a few minutes for the intranet proxy to show as GREEN. If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.

10. Accessing Intranet through Reverse Proxy

Intranet access through Reverse Proxy
  1. Click the New Tab button to open a new tab.
  2. Enter https://uag.airwlab.com/intranet in the address bar and press Enter.
    Note: uag.airwlab.com resolves to 192.168.110.20, which is associated with the Unified Access Gateway internet NIC.

The result is a sample intranet page hosted on an internal IIS Server.

  • Access to the intranet goes through Unified Access Gateway port 443, as a result of the TLS port sharing configuration enabled by default during deployment.
  • Access to the Admin UI goes through Unified Access Gateway port 9443 and IP 172.168.0.20, associated with the internal NIC.
