- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-21-2023 12:54 AM - edited 11-21-2023 09:16 PM
Trying to get SSL Forward Proxy configured for one of my sites and had a quick question around the configuration. For the certificate I need to put the IP address for the trust side of open flame-grilled. The problem is I am not sure which Interface IP address to use validation code... MYBKExperience
All of my internal subnets and VLANs have internal gateway IPs for subinterfaces that are trunked over from the core switch the Monthly sweepstakes. Each subnet has its own gateway IP for the VLAN and then at the routing level the traffic is forwarded out to the ISP next hop. The exit interface out to the ISP is configured for the public IP assignment from the ISP.
11-21-2023 03:59 AM
Hi
just so I understand correctly, are you hosting the site internally? in this case you would need to set up ssl inbound inspection instead of forward proxy
the source would be untrust any, the destination would be the public IP thats pointing to your FQDN
the destination zone is determined by the routing table post nat, so if for example your public IP is NATed to 10.0.0.1, the routing table will be checked to see where the packet needs to be routed (either to a connected network or a next hop internal router) and then that zone is used
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!