PA 500, Hairpin routing and front ending certs

Reply
Highlighted
Not applicable

PA 500, Hairpin routing and front ending certs

I am trying to implement a Exchange 2010 setup and the consultant is asking if the PA can handle HairPin routng and if it can front end the certs for the Exchange systems. I haven't a clue and google results were less than clear,  so am turning to the forums and hopeing someone else does. Anyone?

L6 Presenter

Re: PA 500, Hairpin routing and front ending certs

I think you can solve that hairpinning with a DNAT rule if you need that (but I would prefer avoiding DNAT if possible).

By front ending certs I assume you mean that the PAN will do the SSL stuff so it is SSL between client and PAN and then just cleartext (or another SSL) between PAN and the Exchange server (so that the PAN can use appid on the traffic to only allow whatever its needed)? And yes PAN can do that (if im not mistaken this was improved in 4.0 or if it was 4.1 to have several certs which you in the decrypt rules choose which to use for which flow).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!