Re: Configuration in a pseudo reverse mode
Posted: 17 Sep 2015 13:32
Hi David,
The CacheGuard is not cabled in yet. Our expectation is that on the inside of the network, we would have a private address in the 10.2.0.0/23 network and on the outside - pointing to the router, we would have a public ip address. We need a recommendation as to which one we call "internal" and which one we call "external" since this is not clearly a forward or reverse proxy.
The pre-authentication splash screen contains standard URL references using FQDNs. These resolve into a potentially large number of seemingly random ip addresses. The firewall will only accept ip addresses, port numbers and protocol numbers - it will not accept FQDNs in its configuration. It is a captive firewall in the WLAN controller and we cannot change thatge the FQDNs in the splash screens to a fixed ip address which would point to the inside port on the proxy. This ip address would also be in the firewall whitelist. The proxy would translate the ip address in the URL to the FQDN form in order to retrieve the content and relay it back to the client such that it appears to be coming from the inside ip address of the proxy.
The ID would be in whatever certificate is used by the content provider - we are not providing the certificate - self signed or otherwise.
We wanted to understand the capabilities before we implement.
The CacheGuard is not cabled in yet. Our expectation is that on the inside of the network, we would have a private address in the 10.2.0.0/23 network and on the outside - pointing to the router, we would have a public ip address. We need a recommendation as to which one we call "internal" and which one we call "external" since this is not clearly a forward or reverse proxy.
The pre-authentication splash screen contains standard URL references using FQDNs. These resolve into a potentially large number of seemingly random ip addresses. The firewall will only accept ip addresses, port numbers and protocol numbers - it will not accept FQDNs in its configuration. It is a captive firewall in the WLAN controller and we cannot change thatge the FQDNs in the splash screens to a fixed ip address which would point to the inside port on the proxy. This ip address would also be in the firewall whitelist. The proxy would translate the ip address in the URL to the FQDN form in order to retrieve the content and relay it back to the client such that it appears to be coming from the inside ip address of the proxy.
The ID would be in whatever certificate is used by the content provider - we are not providing the certificate - self signed or otherwise.
We wanted to understand the capabilities before we implement.