My proxy is on DMZ and I wanted to tunnel port 22 going to backend SSH server
I have reverse proxy configuration for https to http traffic currently. How do I configure reverse proxy that is located on DMZ going to back end SSH server without interfering with current reverse proxy configuration.
By default, ProxySG has listener on port 22 as ssh-console. It is strongly suggest to use different proxy listener aside from port 22.
** Create a new VIP on proxy. This VIP should be on same segment of default gateway configured on proxy
MC - Configuration - Advanced - VIPs - click New - put the virtual IP address you wanted to use for listener and click ok and apply.
** Configure proxy service port for the VIP created. As an example, port 2222 will be use as a listener.
Go to MC - Configuration - Services - Proxy Services. Click "New Service" and fill in information for this new service:
Name - name of the service e.g. SSH_tunnel
Service Group - Tunnel Recommended
* Proxy setting
Proxy - TCP tunnel
All options could be left uncheck
Source could be ALL (these are IPs coming from WAN/Internet side)
Destination - choose "destination host or subnet" and put in the VIP created earlier
Port range - 2222
Action - Intercept
Click ok, ok and apply
** Create forwarding host
MC - Configuration - Forwarding - Forwarding Hosts - Forwarding Hosts - click new
Fill in information for this forwarding host; as an example
Alias - myfwdhost4ssh
Host - ip address (or host name) of the SSH backend server. If you are using host name, makes sure this are resolvable by DNS server configured on the proxy
Type - Server
Port - 22
Load Balancing and host affinity could be left as default
Click ok and apply
** Create a rule on the VPM, Forwarding layer to forward request to back end server
The triggers should be a combined destination object for the VIP AND port 222
Action - choose the forwarding host created (myfwdhost4ssh)
If your default policy is "deny", make sure request will be allowed on the policy (Web Access Layer)