Configuring Web Reverse Proxy to access SSL website (HTTPS/Port 443)

In order to access a internal SSL website, an additional configuration is required to establish trust between Unified Access Gateway and the internal website, this chapter will explain how configure that using the current Intranet Reverse Proxy instance.

1. Access to the Reverse Proxy Settings

Acessing Reverse Proxy Settings

Return to the UAG Admin UI.

Click the Gear icon next to Reverse Proxy Settings

2. Add Reverse Proxy Settings

Access the instance configuration

Our goal on this chapter is to enable external access to the Intranet SSL website through the Unified Access Gateway Appliance, using the Reverse Proxy feature.

Click the Gear icon to change the configuration settings for the Intranet instance.

3. Configuring Intranet Reverse Proxy Settings

Configuring Intranet settings for Reverse Proxy
  1. Change the Proxy Destination URL to https://intranet.corp.local.
  2. Enter sha1=1a bd c3 3d be dd 1e 4a 57 ae 54 9b d7 8a 8c 20 cb 40 a5 59 for Proxy Destination URL Thumbprints, which represents the list of acceptable SSL server certificate.
  3. Click Save

NOTE - A thumbprint is in the format [alg=]xx:xx, where alg can be sha1, the default, or md5. The 'xx' are hexadecimal digits. The ':' separator can also be a space or missing. The case in a thumbprint is ignored. If you do not conęgure the thumbprints, the server certificates must be issued by a trusted CA.

Additional parameters can be configured for this type of reverse proxy, more information available here.

4. Close the Reverse Proxy Settings

Configuration saved sucessfully

Click Close.

5. Validating Reverse Proxy Configuration

Validating reverse proxy configuration for intranet
  1. Click on the arrow down for the Reverse Proxy Settings
  2. Click on the refresh icon for the Edge Service Settings
  3. Confirm the intranet proxy status is GREEN

After you added the reverse proxy settings for intranet, the UAG appliance tests the communication between UAG appliance and intranet and the status turn GREEN if a connection is possible, otherwise it will show RED.

NOTE - It may take a few minutes for the intranet proxy to show as GREEN.  If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.

6. Accessing Intranet through Reverse Proxy

Intranet access through Reverse Proxy
  1. Click the New Tab button to open a new tab
  2. Enter https://uag.airwlab.com/intranet in the address bar and press Enter.
    NOTE - uag.airwlab.com resolves 192.168.110.20, which is associated to the UAG internet NIC.

The result is the same intranet page hosted on an internal IIS Server that you set on previous module, however UAG is now hitting the intranet on port 443 via HTTPS.

  • Access to the intranet is going through UAG port 443, as result of the TLS port sharing configuration enabled by default during deployment.
  • Access to the Admin UI is going through UAG port 9443 and IP 172.168.0.20, associated to the internal NIC

0 Comments

Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.