Writing policy to enable SSL Proxy functionality using Visual Policy Manager (VPM)

Solution

Overview

How do I enable SSL proxy functionality in VPM?

Cause
Resolution

For full details on how to set up and configure SSL proxy for transparent interception and transparent authentication using an SSL certificate issued from a Microsoft PKI server, please see 000008716.

1.)  From the Management Console (https://<ip.address.of.proxysg>:8082) go to the Configuration tab > Policy > Visual Policy Manager > Launch.  This will launch the Visual Policy Manager (VPM) application.

2.)  From the Policy menu, select "Add Web Authentication Layer".  You will be creating a combined object containing two request URL objects:  HTTPS and HTTP.

3.)  Right-click the Destination cell and select Set > New > Request URL.

4.)  Select "Advanced Match".  In the Name field, type url_scheme_https.  From the Scheme drop-down list, select https.

5.)  Click Add to add the Request URL Object for HTTPS.

6.)  Now, repeat the same procedure to add a request URL object for HTTP.

7.)  Select Advanced Match.  In the Name field, type url_scheme_http.  From the scheme drop-down list, select http.

8.)  Click Add and then Close.  You should now see both url_scheme_http and url_scheme_https in the Set Destination Object dialog.

9.)  Click New > Combined Destination Object.  In the Name field, type url_schemes_http_https

10.)  Shift-click to select both url_scheme_http and url_scheme_https and then click Add.

11.)  Click OK to add the Combined Destination Object to the Web Access Layer, and then click OK to close the Set Destination Object dialog.

12.)  Right-click the Action cell and select Set.

13.)  Click New and select Authenticate.

14.)  Specify the desired Realm and select a redirect Mode:

  • origin-cookie-redirect:  The client is redirected to a virtual URL to be authenticated, and cookies are used as the surrogate credential.
  • origin-ip-redirect:  (insecure) The client is redirected to a virtual URL to be authenticated, and the client IP address is used as the surrogate credential.
  • form-cookie-redirect:  A form is presented to collect the user's credentials.  The user is redirected to the authentication virtual URL before the form is presented.
  • form-ip-redirect:  (insecure) The user is redirected to the authentication virtual URL before the form is presented.

 

15.)  In this example, the mode is set to origin-cookie-redirect.

16.)  Click OK to add the authentication object, and then click OK to close the Set Destination Object dialog.

17.)  From the Policy menu, select Add SSL Intercept Layer.

18.)  Right-click the Action cell and select Set > New > Enable HTTPS Interception.

19.)  Click OK to add the interception object, and then click OK to close the Set Action Object dialog.

20.)  In the Visual Policy Manager, click Install Policy.

21.)  Test.
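
For reference, the policy built in steps 2 through 19 corresponds roughly to the following Content Policy Language (CPL). This is an added, hand-written example, not the VPM's generated output and not part of the original article; my_realm is a placeholder for the realm chosen in step 14.

```cpl
; Added example: hand-written CPL approximating the VPM policy above.
; my_realm is a placeholder for the realm selected in step 14.

; Steps 3-11: combined destination object matching both schemes.
; Lines inside a condition definition are OR'ed together.
define condition url_schemes_http_https
    url.scheme=http
    url.scheme=https
end

; Steps 2 and 12-16: Web Authentication Layer.
; origin-cookie-redirect uses a cookie as the surrogate credential;
; the *-ip-redirect modes key on the client IP address instead, which
; the article marks as insecure.
<Proxy>
    condition=url_schemes_http_https authenticate(my_realm) authenticate.mode(origin-cookie-redirect)

; Steps 17-19: SSL Intercept Layer with "Enable HTTPS Interception".
<SSL-Intercept>
    ssl.forward_proxy(https)
```

After installing the policy, View > Generated CPL in the VPM shows the CPL the appliance actually produced, which can be compared against this sketch.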

InQuira Doc Id: KB3716