SyferLock Help Center

Setting up Juniper as a Reverse-Proxy to GridGuard

Assumptions

  • Juniper SA Device domain name:  sa.company.com
  • GridGuard Server external domain name: grid.company.com
  • GridGuard Server internal domain name: grid.company.net

Setting up the Reverse Proxy

  1. Create a virtual internal or external port on the IVE, as necessary (say VP1)
    Menu Option: Network > Internal Ports > Virtual Port or Network > External Ports > Virtual Port
    The IP referenced here should be the one associated with grid.company.com
  2. Create a host entry in the IVE for your GridGuard server, grid.company.net.
    Menu Option: Network > Hosts
    This is necessary only if Juniper is unable to resolve grid.company.net using your DNS server
  3. Create a session-only user role, say R1
    Menu Option: User Roles > New User Roles
    Check only 'Session Options'. Uncheck all other values.
  4. Create an authorization URL with the following settings:
    Menu Option: Authentication > Signing In > Sign-In Policies > New URL
    User type: Authorization Only Access
    Virtual Hostname: grid.company.com
    Backend URL: https://grid.company.net:443/*
    Authorization Server: No Authorization
    Role option: Set to R1
    Protocol option: Uncheck Allow ActiveSync Traffic Only
  5. Get an SSL certificate for grid.company.com and map it to VP1, the virtual port
  6. Update your external DNS server so grid.company.com is mapped to the same IP address specified in VP1
  7. Update the template zip file associated with the GridGuard-protected realm
    Modify the gridguardconfig.thtml file to set the gridguard property to gridguard="https://grid.company.com/gridguard/Start"
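
A pre-upload check for step 7, as an added example (not SyferLock or Juniper code): it opens the template zip, finds gridguardconfig.thtml, and confirms the gridguard property uses HTTPS, the external name grid.company.com, and the /gridguard/Start path rather than the internal name. It assumes the property appears in the file literally as gridguard="<url>", as quoted in step 7; the function names and the sample zip contents are constructed for illustration.

```python
import io
import re
import zipfile
from urllib.parse import urlsplit

EXTERNAL_HOST = "grid.company.com"   # external name from the Assumptions section
INTERNAL_HOST = "grid.company.net"   # internal name; external users cannot resolve it
EXPECTED_PATH = "/gridguard/Start"
TEMPLATE_NAME = "gridguardconfig.thtml"
# Assumption: the property is written as gridguard="<url>", as quoted in step 7.
PROP_RE = re.compile(r'\bgridguard\s*=\s*"([^"]*)"')

def make_zip(text, name=TEMPLATE_NAME):
    """Build a constructed template zip in memory (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, text)
    return buf.getvalue()

def check_template_zip(zip_bytes):
    """Return a list of problems in the realm's template zip (empty list = OK)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if n.rsplit("/", 1)[-1] == TEMPLATE_NAME]
        if not names:
            return [f"{TEMPLATE_NAME} not found in zip"]
        text = zf.read(names[0]).decode("utf-8", errors="replace")
    urls = PROP_RE.findall(text)
    if not urls:
        return ["gridguard property not set"]
    problems = []
    for url in urls:
        u = urlsplit(url)
        if u.scheme != "https":
            problems.append(f"{url}: scheme is not https")
        if u.hostname == INTERNAL_HOST:
            problems.append(f"{url}: uses the internal name, not the reverse-proxied one")
        elif u.hostname != EXTERNAL_HOST:
            problems.append(f"{url}: host is not {EXTERNAL_HOST}")
        if u.path != EXPECTED_PATH:
            problems.append(f"{url}: path is not {EXPECTED_PATH}")
    return problems

if __name__ == "__main__":
    good = make_zip('gridguard="https://grid.company.com/gridguard/Start"')
    bad = make_zip('gridguard="http://grid.company.net/gridguard/Start"')
    print("good:", check_template_zip(good))
    print("bad: ", check_template_zip(bad))
```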