Configure Transparent SSL forward proxy with authentication


Article ID: 166473


Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

Configure an SSL Forward Proxy with authentication in a transparent deployment. (For an explicit deployment, see How to Set Up Explicit SSL Forward Proxy with Authentication.)

Resolution

 Follow the high-level steps below to set up SSL forward proxy in a transparent deployment. For step-by-step instructions, see the attached document.

  1. Create a keyring and define a certificate.
  2. Use VPM to create SSL policy:
    1. Add an SSL Intercept Layer, specify an SSL Forward Proxy Action, and select the keyring created in step 1.
    2. Add an SSL Access Layer and set the Action to Disable Server Certificate Validation.
    3. Install the policy.
  3. Import the certificate on all computers.
  4. Define a virtual IP on the ProxySG.
  5. Create an HTTPS reverse proxy service port with the virtual IP on port 4433 or any unused port. Tie the keyring created in step 1 into the service.
  6. Create an SSL service that listens on all IP addresses on port 443. This service will be used to intercept connections to HTTPS sites.
  7. Create a realm for the authentication protocol.
    1. Define the virtual URL as the HTTPS reverse proxy.
    2. Define this same virtual URL for the transparent proxy.
  8. Use VPM to create Web Authentication policy:
    1. Add a Web Authentication Layer.
    2. Enforce authentication by creating an Authenticate/Force Authenticate Action. Set the Mode to Origin cookie redirect or Origin IP redirect.
    3. Install the policy.
  9. Import the ProxySG self-signed certificate into IE
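
For review after installing the policy, the VPM layers from steps 2 and 8 correspond roughly to the CPL below. This is an added example, not taken from the attached document; ExampleKeyring and ExampleRealm are placeholder names standing in for the keyring from step 1 and the realm from step 7.

```cpl
; Added example. ExampleKeyring and ExampleRealm are placeholders, not names from this article.

; Step 2.1: SSL Intercept Layer. Intercept HTTPS and issue emulated
; server certificates from the keyring created in step 1.
<ssl-intercept>
    ssl.forward_proxy(https) ssl.forward_proxy.issuer_keyring(ExampleKeyring)

; Step 2.2: SSL Access Layer. With this setting the proxy does not
; validate the origin server's certificate.
<ssl>
    server.certificate.validate(no)

; Step 8: Web Authentication Layer. Authenticate against the realm from
; step 7 in a redirect mode, so the challenge is served from the
; virtual URL (the HTTPS reverse proxy service from step 5).
; Use origin-ip-redirect instead for the Origin IP redirect mode.
; A Force Authenticate action adds authenticate.force(yes).
<proxy>
    authenticate(ExampleRealm) authenticate.mode(origin-cookie-redirect)
```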

 

 
 

Attachments

SSL Forward Proxy with Authentication.pd