Configure Transparent SSL forward proxy with authentication


Article ID: 166473


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


Configure an SSL Forward Proxy with authentication in a transparent deployment. (For an explicit deployment, see How to Set Up Explicit SSL Forward Proxy with Authentication)



 Follow the high-level steps below to set up SSL forward proxy in a transparent deployment. For step-by-step instructions, see the attached document.

  1. Create a keyring and define a certificate.
  2. Use VPM to create SSL policy:
    1. Add an SSL Intercept Layer, specify an SSL Forward Proxy Action, and select the keyring created in step 1
    2. Add an SSL Access Layer, set the Action to Disable Server Certificate Validation
    3. Install the policy
  3. Import the certificate on all computers.
  4. Define a virtual IP on the ProxySG.
  5. Create an HTTPS reverse proxy service port with the virtual IP on port 4433 or any unused port. Tie the keyring created in step 1 into the service.
  6. Create an SSL service that listens on all IP addresses on port 443. This service will be used to intercept connections to HTTPS sites.
  7. Create a realm for the authentication protocol.
    1. Define the virtual URL as the HTTPS reverse proxy
    2. Define this same virtual URL for the transparent proxy
  8. Use VPM to create Web Authentication policy:
    1. Add a Web Authentication LayerOrigin cookie redirect or Origin IP redirect 
    2. Enforce authentication by creating an Authenticate/Force Authenticate Action. Mode=Origin cookie redirect or Origin IP redirect 
    3. Install policy
  9. Import the ProxySG self-signed certificate into IE




SSL Forward Proxy with Authentication.pd get_app