Configuring Web Reverse Proxy to access non-SSL website (HTTP/Port 80)
At this point, the Unified Access Gateway has been deployed and you are able to access the Unified Access Gateway administration console to add and change configurations of your Unified Access Gateway appliance.
This exercise shows you how Unified Access Gateway can be used as a Web reverse proxy, and can act as either a plain reverse proxy or an authenticating reverse proxy in the DMZ. In this exercise, you learn how to set up a plain reverse proxy.
1. Access to the Reverse Proxy Settings
- Click the Show toggle by Edge Service Settings, clicking on it will cause it to switch to Hide.
- Click the Gear icon next to Reverse Proxy Settings.
1.1. Add Reverse Proxy Settings
Our goal on this chapter is to enable external access to the Intranet website through the Unified Access Gateway Appliance, using the Reverse Proxy feature.
Click Add to create a new reverse proxy instance in to the reverse proxy settings, that instance will contain the configuration required to access the intranet.
1.2. Define Features Used by Reverse Proxy
In this step, click Enable Reverse Proxy Settings only. The toggle will switch to YES.
The Unified Access Gateway identity bridging feature can be configured to provide single sign-on (SSO) to legacy Web applications that use Kerberos Constrained Delegation (KCD) or header-based authentication. You will not enable this feature in this exercise, but will be covered in the following module.
1.3. Configuring Intranet Reverse Proxy Settings
intranetfor the Instance Id, which is a unique name to identify and differentiate a Web reverse proxy instance from all other Web reverse proxy instances.
http://intranet.corp.localfor Proxy Destination URL, which represent the address of the Web Application.
(|/intranet(.*)|)for Proxy Pattern, which specifies that the matching URI paths will forward to the destination URL.
- Click Save
Additional parameters can be configured for this type of reverse proxy, more information available here.
1.4. Close the Reverse Proxy Settings
2. Validating Reverse Proxy Configuration
- Click on the arrow down for the Reverse Proxy Settings
- Click on the refresh icon for the Edge Service Settings
- Confirm the intranet proxy status is GREEN
After you added the reverse proxy settings for intranet, the Unified Access Gateway appliance tests the communication between appliance and intranet and the status turn GREEN if a connection is possible, otherwise it will show RED.
NOTE - It may take a few minutes for the intranet proxy to show as GREEN. If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.
3. Access Intranet through Reverse Proxy
- Click the New Tab button to open a new tab.
https://uag-internet.corp.local/intranet/in the address bar and press
uag-internet.corp.localhostname resolves to the Internet facing NIC that you deployed the Unified Access Gateway on (192.168.110.150).
The result is a sample intranet page hosted on an internal IIS Server.
- Access to the intranet site is going through UAG over port 443 as result of the TLS port sharing configuration enabled by default during deployment.
- Access to the Admin UI is going through UAG port 9443 to uag-intranet.corp.local (192.168.120.160).