I'm trying to use passthrough proxy on a MAG-2600 SA to have an external app hit a deep link to a backend web server behind the firewall. The passthrough proxy policy and web ACL are set up correctly. We have an external DNS entry set up for the virtual host with a domain that matches the SA hostname, and if we hit the URL from the outside it does in fact land at the default sign-on page. We want to use a different auth server from the default for this, and I thought I could make it work by defining a sign-on policy for the virtual host and prioritizing it above the */ default sign-on policy. Even so, we always land at the default sign-on page and user realm.
For example, the SA hostname is vpn.company.com and the deep link has a base of https://kiosk.company.com, where kiosk.company.com is a CNAME for vpn.company.com. I have a sign-on policy like:
kiosk.company.com/ that uses a different sign-on page and user realm, followed by
*/
and the other wildcard host policies.
Is there a way to use a different sign-on page and user realm for passthrough proxies? Thanks!