
PCS as Reverse proxy with authentication only access problem

SOLVED
Occasional Contributor

Hi Everybody,


I have an issue on my PCS. I want to set up my PSA3000 as a reverse proxy using the sign-in policy "Authentication Only Access". Let me explain my case:

I have three applications with web servers in my DMZ, each with its own certificate:

www.mydomain.fr (used by internal port)

myapp1.mydomain.fr (used by virtual port 1)

myapp2.mydomain.fr (used by virtual port 2)

Those three DNS names are redirected toward a unique external public IP address.

My firewall in front of the PCS redirects all traffic for "https://*.mydomain.fr" arriving at my external public IP address toward the internal port of my PCS. In this case, my sign-in policy setting (Authorization Only Access) works because I'm redirected to my app1, BUT I get a certificate warning. I understand that this is because the internal port uses the certificate of "www.mydomain.fr" and not the app1 one.

So, I set up the virtual ports with their certificates on the PCS. On my firewall, I redirect a port I choose, like 4445 for example, and then, when the user tries to connect to "https://myapp1.mydomain.fr:4446", my firewall does the NAT job and redirects this to virtual port 1, so with its certificate I get no warning this time, but the PCS doesn't do the job and doesn't redirect to my app1. Do you know why? Or do you have some solutions?

Thanks in advance.

2 REPLIES
Moderator

Re: PCS as Reverse proxy with authentication only access problem

Unfortunately, the PCS web server is able to handle inbound traffic only on port 443 (except in the special case of passthrough proxy using a port between 11000-11099).
Am I correctly interpreting your note to mean that the primary certificate is neither a wildcard nor SNI-enabled for the three applications/domains needed?
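
The reply above turns on whether a single certificate served on port 443 covers all three names. As an added example (not part of the thread and not Pulse Secure code), this Python sketch checks which of the thread's hostnames a certificate's SAN list covers, using the RFC 6125 rule that a wildcard stands for exactly one left-most label. The SAN lists and the function names are constructed for illustration; only the three hostnames come from the thread.

```python
# Added example: hostname coverage of a certificate's dNSName SAN entries.
# The SAN lists below are constructed; only HOSTS comes from the thread.

def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match of one dNSName SAN entry against a hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.mydomain.fr does not cover mydomain.fr
    or a.b.mydomain.fr.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.fr").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected
    return p_labels == h_labels


def uncovered(sans, hostnames):
    """Return the hostnames no SAN entry matches (clients would warn on these)."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


HOSTS = ["www.mydomain.fr", "myapp1.mydomain.fr", "myapp2.mydomain.fr"]

# Constructed SAN lists for three ways of provisioning the port-443 certificate.
CANDIDATES = {
    "single-name": ["www.mydomain.fr"],
    "wildcard": ["*.mydomain.fr"],
    "multi-SAN": ["www.mydomain.fr", "myapp1.mydomain.fr", "myapp2.mydomain.fr"],
}

if __name__ == "__main__":
    for name, sans in CANDIDATES.items():
        missing = uncovered(sans, HOSTS)
        verdict = "covers all" if not missing else "warning for " + ", ".join(missing)
        print(f"{name:12} -> {verdict}")
```
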
Occasional Contributor

Re: PCS as Reverse proxy with authentication only access problem

Thanks for your response; you are interpreting correctly. Sorry, I only saw your message now.