PTP - Is it possible?

  • Hi,

    I have an internal web server ( I currently expose this web server out to the internet using Microsoft ISA. The ISA server performs the SSL, authenticates the user and then forwards onto internal web server. I would now like my juniper SA6000 appliance to perform the role of the ISA so that i can decommission the ISA server.

    The KEY requirements for me are:

    1 - The juniper performs minimal re-writing
    2 - The external and internal URL must be the same. If an internal user sends the link to an external user then the external user should get prompted by the juniper for authentication and then forwarded onto when they click on the link.
    I have tried to use PTP but it looks as though the external URL (virtual hostname) must be different to the internal URL.

    Is this possible using Juniper IVE? can I perform true reverse/pass-through proxy?

    Thanks in advance.


  • Another option would be to auto-launch SAM or NC.  Then just set all web bookmarks to ‘Don’t rewrite (with redirect)’, and preferably to open in a new window as well.

  • well….
    normally you don’t want hosts to have identical names internally and externally. Why not change it?
    There are numerous issues in all sorts of applications, but this is off topic.

    The IVE depends on the DNS to preform tasks.
    It think it could be possible if you leave the internal hostname blank. and allow external DNS servers to resolve to your SA. Setup the SA to refer only to your internal DNS servers giving the reply for, so routing is ok.
    There rest is regular reverse proxy stuff with certificates and virtual ports on the external interface of the SA.

    The other option (redirect to internal ip directly) i think will not work the way you describe. it will do requests as

    The only way to know for sure is try it! Good luck and let us know 🙂

  • Hi

    <bump>Any suggestions?