Multiple reverse proxies
Hi,
I have a single external IP and 2 internal servers:
one.mydomain.com
two.mydomain.com
I'd like to restrict external access to each server:
Any-External > one.mydomain.com
Single IP > two.mydomain.com
I've looked at using a reverse proxy but I can't see a way to restrict the inbound traffic by domain, and unless I'm mistaken I can't use 2 reverse proxies.
Is what I'm asking possible?
Thanks in advance for any help.
T40 v12.10.4
Comments
Use a standard HTTPS proxy with type = HTTPS-Server
There you can add items for different domain names which are used to identify the internal destination web server(s) and/or IP/addr/port of an internal web server.
See the "HTTPS server proxy action" section, here:
HTTPS-Proxy: Content Inspection
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/https/https_proxy_contentinspection_c.html
Thank you for your reply.
I may have misunderstood.
I think you're suggesting I use a single HTTPS proxy to restrict external access to each server. I'm not sure how this would work because the proxy's from field will need to be Any-External or the single IP (13.192.1.3).
Any external traffic (inc. 13.192.1.3) will be allowed to one.mydomain.com.
The only external traffic allowed to two.mydomain.com is from 13.192.1.3.
Does this help?

The correct answer is to have 2 HTTPS policies:
1) for the single IP addr - with a SNAT to 192.168.5.2
2) for the general access - with a SNAT to 192.168.5.1
Make sure that policy 1 ends up above policy 2
Thank you.
@Bruce_Briggs: 2 SNAT policies won't work with a single public IP address.
You will pass through the first SNAT 443 and that's it.
How will you try the second SNAT to check the 2nd reverse proxy?
Policy 1: from a specific IP addr will be checked 1st and if the specific IP matches, that policy will be processed
Policy 2: from Any-external will be checked 2nd and will be processed for all source IP addrs other than the one in policy 1
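
The ordering described in the last reply, as an added example that is not part of the original thread and is not Fireware code: a simplified first-match model of the two HTTPS policies, plus a check for a policy that an earlier, broader policy makes unreachable. The policy names and the 198.51.100.7 test address are constructed for illustration; 13.192.1.3, 192.168.5.1 and 192.168.5.2 are the addresses given in the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    name: str      # hypothetical policy name
    source: str    # CIDR; "0.0.0.0/0" stands in for Any-External
    port: int
    snat_to: str   # internal server the SNAT points at

def first_match(policies, src_ip, port):
    """Walk the list top-down and return the first policy that matches, else None."""
    ip = ipaddress.ip_address(src_ip)
    for p in policies:
        if p.port == port and ip in ipaddress.ip_network(p.source):
            return p
    return None

def shadowed(policies):
    """Names of policies that can never match because an earlier policy
    on the same port already covers their whole source range."""
    hidden = []
    for i, p in enumerate(policies):
        net = ipaddress.ip_network(p.source)
        for earlier in policies[:i]:
            if earlier.port == p.port and net.subnet_of(ipaddress.ip_network(earlier.source)):
                hidden.append(p.name)
                break
    return hidden

# Policy 1 and policy 2 from the thread (names are constructed).
SINGLE_IP = Policy("HTTPS-single-ip", "13.192.1.3/32", 443, "192.168.5.2")
GENERAL = Policy("HTTPS-general", "0.0.0.0/0", 443, "192.168.5.1")

GOOD_ORDER = [SINGLE_IP, GENERAL]   # policy 1 above policy 2
BAD_ORDER = [GENERAL, SINGLE_IP]    # Any-External first hides the specific rule

if __name__ == "__main__":
    for label, order in (("specific first", GOOD_ORDER), ("general first", BAD_ORDER)):
        for src in ("13.192.1.3", "198.51.100.7"):   # second address is a constructed sample
            hit = first_match(order, src, 443)
            print(f"{label}: {src} -> {hit.snat_to} via {hit.name}")
        print(f"{label}: shadowed = {shadowed(order)}")
```

With the general policy on top, the single-IP policy is reported as shadowed and 13.192.1.3 is sent to 192.168.5.1, which is why the specific policy has to sit above the general one.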