The reverse proxy service controls requests from the Internet and forwards them to servers in an internal network. It routes multiple HTTP and HTTPS sites to each of their own internal servers and publishes Microsoft Exchange services such as Outlook Web Access (OWA) and Outlook Anywhere (previously RPC over HTTPS). It also monitors traffic, increases server efficiency by SSL off-loading and improves web server security using intrusion prevention system (IPS).
Note: To use the Reverse proxy service, you need a Unified Threat Management license.
Procedure
- On the SERVICES menu, under the Proxies submenu, click Reverse proxy.
- Under the Global options section, click Enable and choose the SSL certificate to use to cater for HTTPS sites that use an SSL certificate.
- Indicates whether to use the "Built-in" SSL certificate to cater for HTTPS sites that use an SSL certificate, or to use a "Custom certificate" and key file. The certificate and key you upload must be unencrypted, and password-less. It must also be in PEM format. You can use the XCA certificate and key management client to import and export your SSL certificates and key files to the PEM format.
- If you use a custom certificate, click Choose File and upload the certificate and key to use.
- To turn on intrusion prevention, and configure a failback address, click Advanced ».
- Make sure that Enable is selected.
- Enter the IP address of the web server to fail back to if a request doesn't match an address already configured. For example, 192.168.1.1 or IP address and port, for example, 192.168.1.1:1234.
- Click Save to save the global options.
- Under the Manage rule section, enter a meaningful name for the reverse proxy rule.
- Enter the URL, domain or IP address of the site that you want to publish.
- Enter the protocol with the IP address or IP address and port of the web server.
- Click Save. The Smoothwall turns on and deploys the reverse proxy service and lists it in the Rules area.
- External address: The URL, domain or IP address of the site that you want to publish using the following format: http://example.com, https://www.example.com/, http://.example.com or http://example.com/path/. You must include http or https in the address. You can also enter a path to the site that you want to publish in the URL. When configuring www.example.com and example.com, they're treated as distinct and separate sites, unless you use a wildcard character for the domain. To use a wildcard character, specify it as: .example.com.
- Internal address: The protocol with the IP address or IP address and port of the web server, for example, http://192.168.1.1, https://192.168.1.1, http://192.168.1.1:1234. A port number is optional on the internal address, you can specify custom destination ports for various internal web servers. If no port is specified, the Smoothwall defaults to 80 for HTTP sites and 443 for HTTPS sites.
- Repeat the steps to turn on, configure and deploy more rules.