
Access to web application through SA takes a longer time for the page to appear

jayLaiz_
Super Contributor

Hi Andre,

Yes, if you can do it via the port method, you need to open the high port on the firewall, but for the PTP method via hostname, the PTP virtual hostname needs a certificate tied to it and you also need to have an external DNS entry for the same.

So configuration-wise, the port method is easier to implement, but functionality-wise it is the same.

Regards,

Jay

andre_
Contributor

Hi Jay,

Actually, the current application is a web application using port 80, for example: my.company.com (this domain is still published to the external DNS server for now. This domain will go via SA next, so we are doing a PoC to make sure it can be implemented). Later, after we have made sure it can be secured through SA, this domain, my.company.com, will move to the public IP of SA.

In this PoC we are using one new public IP for SA. Regarding your suggestion of adding a host entry (my.company.com pointing to the public IP of SA) on the PC and configuring SA using the hostname in PTP: is that right?

So I think if this can be done in the PoC, it will be better to use the hostname than Via Port on SA, because the customer wants users to still access it with the same name after this change: my.company.com (without adding a port after the domain, e.g. my.company.com:11000). Can we do it like this?

jayLaiz_
Super Contributor

In that case, get another public IP, create a virtual port on the internal interface, NAT the second public IP to the internal virtual port IP on the firewall, and now create a PTP policy based on hostname with the PTP hostname the same as the backend resource.

For testing if PTP works first, yes, you can use a host entry for my.company.com to map to the SA's public IP, but in production it is not recommended to use the same public IP for PTP access.

Regards,

Jay

andre_
Contributor

Hi Jay,

So do you mean:

1. We can still use the same hostname for PTP, which is the same as the hostname of the backend server?

2. We have to add one more public IP for PTP besides the public IP of SA?

3. Then this public IP of PTP will be published to the external DNS server (the domain my.company.com will be published using this public IP of PTP, not using the public IP of the internal interface of SA)?

Thanks

jayLaiz_
Super Contributor

Users will not be accessing the resource using the public IP for PTP. So users access the SA using its public URL, get authenticated to the SA, and then users can be set a start page under the role to http://my.company.com or given a bookmark; then they will be redirected to the PTP hostname, i.e. https://my.company.com, and this traffic is encrypted traffic and is being encrypted through the SSL session established when the user logged into the SA device.

Yes, then this public IP of PTP will be published to the external DNS server, but this is not the public IP for the web server, so users have to hit the SA to access the resource via the SA's internal interface.

Yes, you have to add one more public IP for PTP besides the public IP of SA. You do not want all users to access the SA using my.company.com. You can use the same public IP and add the DNS entry to the SA's same public IP, but you will have 2 URLs mapped to the same IP and you will need a wildcard certificate if you do not want users to see certificate errors.

Yes, you can still use the same hostname for PTP, which is the same as the hostname of the backend server.

Regards,

Jay

andre_
Contributor

Hi Jay,

We just want to use 1 URL mapped to the PTP public IP.

What is the disadvantage of using the same public IP for SA and PTP?

Can I create a wildcard certificate using openssl?

And if using a virtual hostname, do we have to bind the certificate to this virtual hostname? Or if just using a virtual port, do we have to bind the certificate to this virtual port?

thanks 
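Added example (not part of the original thread): one way to create a wildcard certificate with openssl for a PoC and confirm which hostnames it covers, using the thread's company.com names; the file names and the 30-day lifetime are assumptions. The certificate is self-signed, so browsers still warn until it is trusted or replaced by a CA-signed one.

```shell
#!/bin/sh
# Added example: PoC wildcard certificate for the case where the SA sign-in
# URL and the PTP hostname share one public IP.
# DOMAIN is the thread's example domain; file names are assumptions.
DOMAIN="company.com"
WORK="$(mktemp -d)"   # private directory (mode 0700) for the key and cert

# Create a 2048-bit RSA key and a self-signed certificate whose
# subjectAltName carries the wildcard. For a CA-signed certificate you
# would generate a CSR with the same subjectAltName instead of using -x509.
make_wildcard_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$WORK/wildcard.key" -out "$WORK/wildcard.crt" \
        -subj "/CN=*.$DOMAIN" \
        -addext "subjectAltName=DNS:*.$DOMAIN" 2>/dev/null
}

# Return 0 if the certificate is valid for hostname $1, non-zero otherwise.
# openssl prints "does match" or "does NOT match", so the grep is exact.
cert_covers() {
    openssl x509 -in "$WORK/wildcard.crt" -noout -checkhost "$1" \
        | grep -q "does match certificate"
}

make_wildcard_cert

# A wildcard matches exactly one leftmost label: my.company.com and
# test.company.com are covered, the bare domain and deeper names are not.
for h in "my.$DOMAIN" "test.$DOMAIN" "$DOMAIN" "a.b.$DOMAIN"; do
    if cert_covers "$h"; then
        echo "$h: covered"
    else
        echo "$h: NOT covered"
    fi
done
```

The same `-checkhost` test can be run against any certificate file before it is bound to a hostname, to catch a name mismatch ahead of the browser warning.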

andre_
Contributor

Hi Jay,

I have configured the virtual hostname for PTP in SA and configured a host entry on the PC mapping to the public IP of SA (using your PDF guide). But when I try to access the virtual hostname from the browser, the certificate warning appears in the browser as usual and I click continue, but after that the login page does not show up.

What is the problem?

jayLaiz_
Super Contributor

Try accessing using the SA's URL or public IP. Log in to the SA and then click on the bookmark for the web resource and try.

Regards,

Jay

andre_
Contributor

Hi Jay,

I've configured PTP using the virtual hostname test.company.com, and the web resource is http://my.company.com. I added a host entry on my PC, e.g. 2.2.2.2 for test.company.com (2.2.2.2 is the SA public IP).

I tried to access test.company.com from the browser, but the login page does not appear. Is something missing in my configuration?

jayLaiz_
Super Contributor

For now, can you just access the SA's URL, log into the SA, provide a bookmark for the resource and access it that way?

If you want users to access the SA using the PTP hostname, you will have to create a sign-in policy for the PTP hostname so that it is a sign-in URL.

Thanks,

Jay