PA 500, Hairpin routing and front ending certs

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

PA 500, Hairpin routing and front ending certs

Not applicable

I am trying to implement a Exchange 2010 setup and the consultant is asking if the PA can handle HairPin routng and if it can front end the certs for the Exchange systems. I haven't a clue and google results were less than clear,  so am turning to the forums and hopeing someone else does. Anyone?


L6 Presenter

I think you can solve that hairpinning with a DNAT rule if you need that (but I would prefer avoiding DNAT if possible).

By front ending certs I assume you mean that the PAN will do the SSL stuff so it is SSL between client and PAN and then just cleartext (or another SSL) between PAN and the Exchange server (so that the PAN can use appid on the traffic to only allow whatever its needed)? And yes PAN can do that (if im not mistaken this was improved in 4.0 or if it was 4.1 to have several certs which you in the decrypt rules choose which to use for which flow).

  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!