HTTPS Proxy Policy Rule

Add a forward proxy rule to the policy set with the https service that was created in the previous section.

  1. Click Manage -> Security Policies -> Rules
  2. Find the ruleset name that's associated with the Egress Gateway
  3. Click the ruleset name
  4. There is already a rule here to allow the health check traffic from the load balancer on port 65534 (this port number was specified during the gateway creation) and another HTTP proxy rule that was added in the previous sections
  5. Click Create to create a new rule
  6. A new rule editor opens in the slide over panel on the right
  7. Add a name to the rule (e.g. any-egress-https)
  8. In the Type dropdown select Forward Proxy
  9. In the Service dropdown select egress-proxy-https (or the name you gave the https service you created)
  10. In the Source dropdown select any
  11. The Destination is hard-coded to any, because the gateway acts as a proxy and Valtix transparently changes the destination to the Gateway
  12. For Action, select Allow Log. This lets the Gateway accept the traffic and log the flows, which can be checked in the Investigate section of the Valtix Dashboard
  13. Leave all the profiles empty; the rules will be enhanced to use these profiles later in the tutorial
  14. Click Add
  15. Create more rules if required. In this section of the tutorial you will not add any more rules
  16. Click Save to save all the rules and click Yes in the confirmation
  17. It takes a few seconds to save the policy. Once the rule set is saved, the Gateway instances pull the ruleset from the controller during the regular message exchange process

Tech Notes

If you are not using GWLB, check the Internal Load Balancer on the AWS console. It should have a listener on port 443 and a target group with the Valtix Gateway EC2 instances as the targets.
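
The same check can be scripted against the JSON that `aws elbv2 describe-listeners` and `aws elbv2 describe-target-health` return. This is an added example, not part of the Valtix documentation; the function name, ARNs and instance IDs are constructed placeholders, and the expected gateway instance IDs are assumed to be known from your deployment.

```python
import json

# Constructed sample output, shaped like `aws elbv2 describe-listeners` and
# `aws elbv2 describe-target-health`; ARNs and instance IDs are placeholders.
LISTENERS = json.loads("""{"Listeners": [
  {"Port": 80,  "Protocol": "TCP",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg-http"}]},
  {"Port": 443, "Protocol": "TCP",
   "DefaultActions": [{"Type": "forward", "TargetGroupArn": "arn:example:tg-https"}]}
]}""")
TARGET_HEALTH = {"arn:example:tg-https": json.loads("""{"TargetHealthDescriptions": [
  {"Target": {"Id": "i-0aaa", "Port": 443}, "TargetHealth": {"State": "healthy"}},
  {"Target": {"Id": "i-0bbb", "Port": 443}, "TargetHealth": {"State": "unhealthy"}}
]}""")}

def check_https_listener(listeners, health_by_tg, gateway_ids, port=443):
    """Return a list of findings; an empty list means the check passed."""
    matches = [l for l in listeners.get("Listeners", []) if l.get("Port") == port]
    if not matches:
        return [f"no listener on port {port}"]
    findings = []
    for listener in matches:
        # Target groups this listener forwards to by default.
        tg_arns = [a["TargetGroupArn"] for a in listener.get("DefaultActions", [])
                   if a.get("Type") == "forward" and "TargetGroupArn" in a]
        if not tg_arns:
            findings.append(f"listener on port {port} does not forward to a target group")
        for arn in tg_arns:
            descs = health_by_tg.get(arn, {}).get("TargetHealthDescriptions", [])
            states = {d["Target"]["Id"]: d["TargetHealth"]["State"] for d in descs}
            # Gateways missing from the group, then targets that are not gateways.
            for gw in sorted(set(gateway_ids) - set(states)):
                findings.append(f"{gw} is not registered in {arn}")
            for tid in sorted(set(states) - set(gateway_ids)):
                findings.append(f"{tid} in {arn} is not a known gateway instance")
            # Registered gateways that the load balancer will not send traffic to.
            for tid, state in sorted(states.items()):
                if tid in gateway_ids and state != "healthy":
                    findings.append(f"{tid} in {arn} is {state}")
    return findings

if __name__ == "__main__":
    expected = {"i-0aaa", "i-0bbb", "i-0ccc"}  # constructed gateway instance IDs
    for finding in check_https_listener(LISTENERS, TARGET_HEALTH, expected):
        print("FINDING:", finding)
```

A target that is registered but is not one of the gateway instances is reported as well, since traffic sent to it would not pass through the proxy rule.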