Configuring Web Reverse Proxy to access SSL website (HTTPS/Port 443)
To access an internal SSL website, additional configuration is required to establish trust between Unified Access Gateway and the internal website. This chapter explains how to configure that trust using the current Intranet Reverse Proxy instance.
1. Access to the Reverse Proxy Settings
Return to the UAG Admin UI.
Click the Gear icon next to Reverse Proxy Settings
2. Add Reverse Proxy Settings
Our goal in this chapter is to enable external access to the Intranet SSL website through the Unified Access Gateway appliance, using the Reverse Proxy feature.
Click the Gear icon to change the configuration settings for the Intranet instance.
3. Configuring Intranet Reverse Proxy Settings
- Change the Proxy Destination URL to
- Enter sha1=1a bd c3 3d be dd 1e 4a 57 ae 54 9b d7 8a 8c 20 cb 40 a5 59 for Proxy Destination URL Thumbprints, which represents the list of acceptable SSL server certificates.
- Click Save
NOTE - A thumbprint is in the format [alg=]xx:xx, where alg can be sha1, the default, or md5. The 'xx' are hexadecimal digits. The ':' separator can also be a space or missing. The case in a thumbprint is ignored. If you do not configure the thumbprints, the server certificates must be issued by a trusted CA.
Additional parameters can be configured for this type of reverse proxy; more information is available here.
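The thumbprint format from the note above, worked through as an added example (this is not code from UAG or from the original page): it normalizes a configured thumbprint and compares it with the digest of a certificate's DER encoding, so the value can be checked before it is saved. The function names are assumptions, and the sample certificate bytes are constructed.

```python
import hashlib
import re
import ssl

# Algorithms the note allows, mapped to digest length in hex digits.
ALGS = {"sha1": 40, "md5": 32}

def parse_thumbprint(spec):
    """Split '[alg=]xx:xx...' into (alg, lowercase hex digits, no separators)."""
    alg, sep, digits = spec.strip().rpartition("=")
    alg = alg.strip().lower() if sep else "sha1"      # sha1 is the default
    if alg not in ALGS:
        raise ValueError(f"unsupported thumbprint algorithm: {alg!r}")
    hexstr = re.sub(r"[:\s]", "", digits).lower()     # ':' may be a space or missing
    if not re.fullmatch(r"[0-9a-f]{%d}" % ALGS[alg], hexstr):
        raise ValueError(f"{alg} thumbprint needs {ALGS[alg]} hex digits")
    return alg, hexstr

def cert_thumbprint(der_bytes, alg="sha1"):
    """A thumbprint is the digest of the certificate's DER encoding."""
    return hashlib.new(alg, der_bytes).hexdigest()

def cert_matches(der_bytes, accepted):
    """True if the certificate matches any thumbprint in the accepted list."""
    for spec in accepted:
        alg, expected = parse_thumbprint(spec)
        if cert_thumbprint(der_bytes, alg) == expected:
            return True
    return False

def fetch_der(host, port=443):
    """Fetch the server's leaf certificate without validating its chain."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate (not a real one).
    sample = b"constructed stand-in for DER certificate bytes"
    fp = cert_thumbprint(sample)
    pinned = "sha1=" + " ".join(fp[i:i + 2] for i in range(0, 40, 2)).upper()
    print(pinned, cert_matches(sample, [pinned]))
```

Run from a machine that can reach the internal web server, `cert_matches(fetch_der(host), [configured_value])` confirms that the thumbprint about to be saved belongs to the certificate the server actually presents.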
4. Close the Reverse Proxy Settings
5. Validating Reverse Proxy Configuration
- Click on the arrow down for the Reverse Proxy Settings
- Click on the refresh icon for the Edge Service Settings
- Confirm the intranet proxy status is GREEN
After you add the reverse proxy settings for intranet, the UAG appliance tests the communication between the UAG appliance and the intranet. The status turns GREEN if a connection is possible; otherwise it shows RED.
NOTE - It may take a few minutes for the intranet proxy to show as GREEN. If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.
6. Accessing Intranet through Reverse Proxy
- Click the New Tab button to open a new tab
- Enter https://uag.airwlab.com/intranet in the address bar and press
NOTE - uag.airwlab.com resolves to 192.168.110.20, which is associated with the UAG internet NIC.
The result is the same intranet page hosted on an internal IIS Server that you set up in the previous module; however, UAG is now reaching the intranet on port 443 via HTTPS.
- Access to the intranet goes through UAG port 443, as a result of the TLS port sharing configuration enabled by default during deployment.
- Access to the Admin UI goes through UAG port 9443 and IP 184.108.40.206, associated with the internal NIC.