Configuring Web Reverse Proxy to access non-SSL website (HTTP/Port 80)

At this point Unified Acces Gateway Appliance has been deployed and you already have access to the Administration console to add/change configurations of your Appliance.

This chapter you teach you how Unified Access Gateway can be used as a Web reverse proxy enabling access to a Internal website (Intranet) hosted on Internal server on port 80.

1. Access to the Reverse Proxy Settings

Acessing Reverse Proxy Settings
  1. Click the Show toggle by Edge Service Settings, clicking on it will cause it to switch to Hide.
  2. Click the Gear icon next to Reverse Proxy Settings.

2. Add Reverse Proxy Settings

Adding Reverse Proxy Settings

Our goal on this chapter is to enable external access to the Intranet website through the Unified Access Gateway, using the Reverse Proxy feature.

Click Add to create a new reverse proxy instance in to the reverse proxy settings, that instance will contain the configuration required to access the intranet.

3. Define Features Used by Reverse Proxy

Enabling Reverse Proxy Settings

In this step, click Enable Reverse Proxy Settings only. The toggle will switch to YES.

The Unified Access Gateway identity bridging feature can be configured to provide single sign-on (SSO) to legacy Web applications that use Kerberos Constrained Delegation (KCD) or header-based authentication, we will not enable this feature on this module, this will be covered on the following module.

4. Configuring Intranet Reverse Proxy Settings

Configuring Intranet settings for Reverse Proxy
  1. Enter intranet for the Instance Id, which is a unique name to identify and differentiate a Web reverse proxy instance from all other Web reverse proxy instances.
  2. Enter http://intranet.corp.local for Proxy Destination URL, which represent the address of the Web Application on the internal network.
  3. Enter (|/intranet(.*)|) for Proxy Pattern, which specifies the value in regular expression format that matches the URIs that are related to the Intranet URL (proxyDestinationUrl). For the Intranet Server, a forward slash intranet (/intranet) is the value to be used to access the Intranet home page when using the Unified Access Gateway appliance.
  4. Click Save.

 

Additional parameters can be configured for this type of reverse proxy, more information available here.

5. Close the Reverse Proxy Settings

Configuration saved sucessfully

Click Close.

6. Validating Reverse Proxy Configuration

Validating reverse proxy configuration for intranet
  1. Click on the arrow down for the Reverse Proxy Settings
  2. Click on the refresh icon for the Edge Service Settings
  3. Confirm the intranet proxy status is GREEN

After you added the reverse proxy settings for intranet, the UAG appliance tests the communication between UAG appliance and intranet and the status turn GREEN if a connection is possible, otherwise it will show RED.

NOTE - It may take a few minutes for the intranet proxy to show as GREEN.  If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.

7. Access Intranet through Reverse Proxy

Intranet access through Reverse Proxy
  1. Click the New Tab button to open a new tab
  2. Enter https://uag.airwlab.com/intranet in the address bar and press Enter.
    NOTE - uag.airwlab.com resolves 192.168.110.20, which is associated to the UAG internet NIC.

The result is a sample intranet page hosted on an internal IIS Server.

  • Access to the intranet is going through UAG port 443, as result of the TLS port sharing configuration enabled by default during deployment.
  • Access to the Admin UI is going through UAG port 9443 and IP 172.168.0.20, associated to the internal NIC

0 Comments

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.