
Reverse Proxy for Skype for Business 2016

Trying to get UTM 9.5 to work as the reverse proxy for our Skype for Business 2015 Frontend. Skype is set up and working, and UTM works until we get to the certificate. When an external client hits one of the simple URLs such as meet.domain.com, the client receives the internal CA certificate that is installed on the Skype Front End, not the public SSL certificate installed on the UTM. Microsoft recommends that the Skype Front End have a certificate from the internal CA and the reverse proxy have a publicly recognized certificate. The question is: to get this to work, do I need to replace the internal CA certificate on the Front End with the public certificate? If anyone has this working, is this what you needed to do?



  • Hi Andy and welcome to the UTM Community!

    I'm confused that the external client appears to be reaching meet.domain.com directly instead of through the reverse proxy.  Does #2 in Rulz point you towards a resolution?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The UTM reverse proxy and its certificate only give you access to one machine, such as skypefrontend.mycompany.com.

    From your description, it appears that the rest of the solution depends on a form of https inspection using a root certificate to imitate other servers. That architecture always requires every client to have the root CA installed on every client device, including remote devices. You will need to contact Microsoft experts to see if they have an alternate technique. It is not a UTM issue or a problem that UTM can solve.

  • Thanks for the information so far. Sophos has a procedure sheet specifically for creating all the changes necessary for this to work but other than putting the certificate on the UTM and associating it to the correct https rule it does not say much else. I have seen others report they have this working and was hoping to hear from someone who has successfully implemented it.