Setting up Juniper as a Reverse-Proxy to GridGuard
Juniper SA Device domain name: sa.company.com
GridGuard Server external domain name: grid.company.com
GridGuard Server internal domain name: grid.company.net
Setting up the Reverse Proxy
Create a virtual internal or external port on the IVE, as necessary (say VP1)
    Menu Option: Network > Internal Ports > Virtual Port or Network > External Ports > Virtual Port
    The IP referenced here should be the one associated with grid.company.com
Create a host entry in the IVE for your GridGuard server, grid.company.net
    Menu Option: Network > Hosts
    This is necessary only if Juniper is unable to resolve grid.company.net using your DNS server
Create a session-only user role, say R1
    Menu Option: User Roles > New User Roles
    Check only 'Session Options'. Uncheck all other values.
Create an authorization URL with the following settings:
    Menu Option: Authentication > Signing In > Sign-In Policies > New URL
    User type: Authorization Only Access
    Virtual Hostname: grid.company.com
    Backend URL: https://grid.company.net:443/*
    Authorization Server: No Authorization
    Role option: Set to R1
    Protocol option: Uncheck Allow ActiveSync Traffic Only
Get an SSL certificate for grid.company.com and map it to VP1, the virtual port
Update your external DNS server so grid.company.com is mapped to the same IP address specified in VP1
Update the template zip file associated with the GridGuard protected realm
    Modify the gridguardconfig.thtml file to set the gridguard property to
    gridguard="https://grid.company.com/gridguard/Start"
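The steps above only work if the virtual hostname, backend URL, certificate, external DNS record and template property all agree. The following is an added example, not part of the original instructions or of any Juniper or GridGuard tooling. It cross-checks those values offline. The dictionary keys, the IP address and the regex for the gridguard property line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def cert_covers(names, host):
    """True if a certificate name (exact or single-label wildcard) matches host."""
    host = host.lower()
    for name in (n.lower() for n in names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def check_setup(s):
    """Return a list of inconsistencies between the values entered in the steps."""
    problems = []
    ext = s["virtual_hostname"].lower()
    backend = urlsplit(s["backend_url"])
    if backend.scheme != "https":
        problems.append("backend URL is not https")
    if (backend.hostname or "").lower() == ext:
        problems.append("backend URL uses the external name instead of the internal one")
    # Assumed form of the property line, as quoted in the last step.
    m = re.search(r'gridguard\s*=\s*"([^"]*)"', s["template_text"])
    if not m:
        problems.append("gridguard property not found in template")
    else:
        start = urlsplit(m.group(1))
        if start.scheme != "https":
            problems.append("gridguard property is not https")
        if (start.hostname or "").lower() != ext:
            problems.append("gridguard property host is not the external name")
    if not cert_covers(s["cert_names"], ext):
        problems.append("certificate on VP1 does not cover the external name")
    if s["external_dns_ip"] != s["vp1_ip"]:
        problems.append("external DNS does not resolve to the VP1 address")
    return problems

# Constructed sample values (203.0.113.10 is a documentation address).
GOOD = {
    "virtual_hostname": "grid.company.com",
    "backend_url": "https://grid.company.net:443/*",
    "template_text": 'gridguard="https://grid.company.com/gridguard/Start"',
    "cert_names": ["grid.company.com"],
    "external_dns_ip": "203.0.113.10",
    "vp1_ip": "203.0.113.10",
}
BAD = dict(GOOD, template_text='gridguard="https://grid.company.net/gridguard/Start"',
           cert_names=["sa.company.com"])
if __name__ == "__main__":
    print(check_setup(GOOD), check_setup(BAD))
```

An empty list means the entered values are consistent. The BAD sample shows a template left pointing at the internal name and a certificate issued for the SA device's name instead of grid.company.com.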