Solutions

Writing policy to enable SSL Proxy functionality using Visual Policy Manager (VPM)

Solutions ID:    KB3716
Version:    2.0
Status:    Published
Published date:    03/03/2010
Updated:    03/05/2010
 

Problem Description

Writing policy to enable SSL Proxy functionality using Visual Policy Manager (VPM)
How do I enable SSL proxy functionality in VPM?

Resolution

For full details on how to setup and configure SSL proxy for transparent interception and transparent authentication using an SSL certificate issued from a Microsoft PKI server, please see KB3700.

1.)  From the Management Console (https://<ip.address.of.proxysg>:8082) go to the Configuration tab > Policy > Visual Policy Manager > Launch.  This will launch the Visual Policy Manager (VPM) application.

2.)  From the Policy menu, select "Add Web Authentication Layer".  You will be creating a combined object containing two request URL objexts:  HTTPS, and HTTP.

3.)  Right-click the Destination cell and select Set > New > Request URL.

4.)  Select "Advanced Match".  In the Name field, type url_scheme_https.  From the Scheme drop-down list, select https.

5.)  Click Add to add the Request URL Object for HTTPS.

6.)  Now, repeat the same procedure to add a request URL object for HTTP.

7.)  Select Advanced Match.  In the Name field, type url_scheme_http.  From the scheme drop-down list, select http.

8.)  Click Add and then Close.  You should now see both url_scheme_http and url_scheme_https in the Set Destination Object dialog.

9.)  Click New > Combined Destination Object.  In the Name field, type url_schemes_http_https

10.)  Shift-click to select both url_scheme_http and url_scheme_https and then click Add.

11.)  Click OK to add the Combined Destination Object to the Web Access Layer, and then click OK to close the Set Destination Object dialog.

12.)  Right-click the Action cell and select Set.

13.)  Click New and select Authenticate

14.)  Specify the desired Realm and select a redirect Mode:

  • origin-cookie-redirect:  Where the client is redirected to a virtual URL to be authenticated, and cookies are used as the surrogate credential.
  • origin-ip-redirect:  (insecure) where the client is redirected to a virtual URL to be authenticated, and the client ip_address is used as a surrogate credential.
  • form-cookie-redirect:  Where a form is presented to collect the user's credentials.  The user is redirected to the authentication virtual URL before the form is presented.
  • form-ip-redirect:  (insecure) where the user is redirected to the authentication virtual URL before the form is presented.

 

15.)  In this example, the mode is set to origin-cookie-redirect

16.)  Click OK to add the authentication object, and then click OK to close the Set Destination Object dialog.

17.)  From the Policy menu, select Add SSL Intercept Layer.

18.)  Right-click the Action cell and select Set > New > Enable HTTPS Interception.

19.)  Click OK to add the interception object, and then click OK to close the Set Action Object dialog.

20.)  In the Visual Policy manager, click Install Policy.

21.)  Test.


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question