Hi,

I'm trying to set up an SA-2000 as a transparent reverse proxy to enable external access to an internal site. I want users to be redirected for authentication when they first hit the virtual host, and from there on, to access the site transparently.

On the internal DNS server, I have foo.company.com established, pointing to the foo application (192.168.1.100). The SA-2000 is configured with an external IP address of (1.2.3.4) and an external virtual port of (5.6.7.8). On the external DNS server, I have foo.company.com pointing to 5.6.7.8.

From there, I create a Resource Profile for Foo, where the base URL is https://foo.company.com (which is the 192.168.1.100, internal destination). The Web Access Control is set to https://foo.company.com:443/* ALLOW, and the rewriting is set to Passthrough Proxy with a virtual host of foo.company.com. I do not have any of the checkboxes checked under rewriting.

Now, here's where things aren't working. First, when I access https://foo.company.com, I do not get redirected to https://vpn.company.com to sign in; instead, I'm redirected to https://foo.company.com/dana-na/home/launch/.cgi?url=https://foo.company.com%2F, which starts a redirect loop. If I log in first and click on the web bookmark (or change the URL manually), I get into the same redirect loop.

I don't think this will matter, but full disclosure is good when asking for help. I'm doing this for a proof of concept, and don't have the network set up exactly like I described above. (Above is how I'll set it up once it's been proven out.) Instead, the whole thing exists on the internal network. The external address is bogus, and I'm playing with my local hosts file to trick out foo.company.com to be the IP of the virtual port assigned to the SA-2000. The setup works when I do URL rewriting, so I don't think it's an issue of connectivity.

Any help or insight would be fine. I read over the administration guide, which wasn't much help.

Thank you,
Mike