
Is it possible to reverse proxy User Portal?

I have an ISP uplink with a single IP. I host a WebServer and I would like to publish the User Portal too, but they can't share the same 443 port. I tried to define the UTM as a WebServer, change the User Portal listening port to 4443 and make a rule to publish it, but no luck.

I have another idea to use an internal reverse proxy server to loop back HTTP traffic back to XG ... but this may be tricky and user portal may not work with modified url - e.g.: https://public-host-name.domain.tld/xg-user-portal --> https://internal-proxy.domain.lan --> https://utm.domain.lan:4443.

Has anyone here solved this puzzle?



  • Slawski,

    from what you have written, you changed the User Portal to port 4443 on System > Administration > Settings, right? What happens when you try to create a BAR HTTP Rule and test the connection?

    Thanks.

    • Yes, this is what I did initially. Ensured the User Portal is accessible from the LAN side. Changed the listening port to 4443. Checked that it works once again and then created a business rule for HTTP service (HTTPS to be exact) pointing to a host definition of the LAN IP of the XG.

      Then I fixed some problems with certificates - I'm using two different now: one for frontend service (WAN side) and one for appliance (User Portal and Admin Console). Both issued by the same CA, which is added to XG of course.


      But whatever I do I get error 503 - Service Unavailable:

      The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

      I will have to try a trick with standalone ReverseProxy.

      Regards,
      Slawek

    • I don't know if this would help but...

      Go to System > Administration > Device Access.

      By default User Portal is only on LAN interfaces but it can be enabled for WAN.

      • Michael Dunn said:

        I don't know if this would help but...

        Go to System > Administration > Device Access.

        By default User Portal is only on LAN interfaces but it can be enabled for WAN.

        Michael,

        You missed my note about using a single IP address of my web server.

        Regards,
        Slawek

      • BTW: The Message ID from WAF log is 17071.

        Regards,
        Slawek

        • I tried to solve this on the UTM, where it was not possible to share the Port. I guess, it's the same on XG Firewall. If you find any solution, let me know.

          Please send me Spam gueselkuebel@sg-utm.also-solutions.ch

          • Still no luck. I think this could be a good feature request but I doubt if it could have use in business environment where ISPs offer more than one IP. Small businesses on the other hand go to the cloud nowadays.

            The conclusion is that the User Portal must be accessible using a non-standard port, but this does mean that you won't be able to connect to home from your office, as most companies will block non-443 HTTPS access - as I would do of course [:D]

            Regards,
            Slawek