- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-22-2018 09:58 AM
We have few legacy internal applications listening on a various TCP ports. Now we have a requirement to connect to these applications from a cloud vendor externally. There is no option to setup a site-to-site IPSec VPN tunnel to the cloud so we need to expose this server to internet securly. Can Palo alto act as a proxy for inbound traffic hosting the CA cerificate for the internal applications, decrypt and and send the decrypted packet to the internal server? Any documentation with configuration steps?
02-22-2018 10:09 AM
Hi @ganees
This does not sound like a job for paloalto. The better choice would be a reverse proxy like a Citrix Netscaler. Of course also an Apache or nginx webserver can be configured to do this job. Or a Kemp Loadmaster which (depending ond the bandwith you need) is also available for free: https://freeloadbalancer.com
02-22-2018 11:28 AM
Not sure if the SSL Decryption Broker feature coming in PanOS 8.1 will allow this.
I'm intrigued to find out myself, especially if there is a simple load balancer feature in it.
02-22-2018 12:07 PM
Thanks for your response. I thought the same but was curious if Palo can do it.
02-22-2018 12:15 PM - edited 02-22-2018 12:33 PM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!