Reverse Proxy Service Object (Ingress)
Ingress Service Objects are used in Ingress/ReverseProxy rules. The object defines a listener port on which the Valtix Gateway accepts traffic and from which it forwards that traffic to the target/backend address. The listener port can be configured with a decryption profile that has a TLS certificate configured. When traffic hits the listener port, the Valtix Gateway returns the configured TLS certificate.
An SNI can be configured on this port. This enables a single listener port (e.g., 443) to be proxied to multiple backend targets based on the SNI.
L7 DoS (Layer 7 Denial of Service) protection can be configured on the service to set rate limits for a URI and/or HTTP method.
The target defines the backend address object and port to which the traffic is forwarded. The proxied traffic can be forwarded as HTTP, HTTPS, TCP or TLS.
Add Reverse Proxy Service
- Navigate to Manage -> Security Policies -> Services
- Click Create
- Click Reverse Proxy
- Provide a name and description
- Configure proxy parameters as defined below
Option | Description |
---|---|
Decryption Profile | Assign a Decryption profile, which also includes the server certificate, to be used for the Proxy service |
Dst Port | Assign a destination port. For most web-based services, the destination port will be 443. This is the port Valtix Gateway listens on for the incoming traffic. |
Protocol | TCP is the default. |
SNI | Enter the list of SNIs. |
L7 DoS | Enter the Layer 7 DoS profile to assign to this proxy service. |
Target Backend Port | Target/Backend application port number. |
Protocol | Select the backend protocol |
Address | Select a backend IP address. The IP address in most cases will be the frontend IP of an internal load balancer |
Tech Notes
If the proxy service is required to run on multiple ports, you can add more entries. However, all the ports serve the same certificate and are proxied to the same backend destination address object.