SSL Forward Proxy Configuration Question

davidadley — Wed, 22 Nov 2023 05:16:49 GMT

Trying to get SSL Forward Proxy configured for one of my sites and had a quick question around the configuration. For the certificate I need to put the IP address for the trust side of open flame-grilled. The problem is I am not sure which Interface IP address to use validation code... MYBKExperience

All of my internal subnets and VLANs have internal gateway IPs for subinterfaces that are trunked over from the core switch the Monthly sweepstakes. Each subnet has its own gateway IP for the VLAN and then at the routing level the traffic is forwarded out to the ISP next hop. The exit interface out to the ISP is configured for the public IP assignment from the ISP.

Re: SSL Forward Proxy Configuration Question

reaper — Tue, 21 Nov 2023 11:59:15 GMT

just so I understand correctly, are you hosting the site internally? in this case you would need to set up ssl inbound inspection instead of forward proxy

the source would be untrust any, the destination would be the public IP thats pointing to your FQDN

the destination zone is determined by the routing table post nat, so if for example your public IP is NATed to 10.0.0.1, the routing table will be checked to see where the packet needs to be routed (either to a connected network or a next hop internal router) and then that zone is used

topic Re: SSL Forward Proxy Configuration Question in VM-Series in the Public Cloud

SSL Forward Proxy Configuration Question

Re: SSL Forward Proxy Configuration Question