Skip to content

Reverse Proxy Service Object (Ingress)

Ingress Service Objects are used in the Ingress/ReverseProxy rules. The object defines a listener port that the Valtix gateway listens for the traffic it receives and forwards to the target/backend address. Listener port can be configured with a decryption profile that has a TLS certificate configured. When the traffic hits the listener port, the Valtix Gateway returns the TLS certificate configured.

An SNI can be configured on this port. This enables a single listener port (e.g 443) to be proxied to multiple backend targets based on the SNI.

L7 DoS (L7 Denial of Service) can be configured on the service to set rate limits for an URI and/or HTTP method.

Target defines the backend address object and port to forward the traffic. The proxied traffic can be forwarded as HTTP, HTTPS, TCP or TLS.

Add Reverse Proxy Service

  1. Navigate to Manage -> Security Policies -> Services
  2. Click Create
  3. Click Reverse Proxy
  4. Provide a name and description
  5. Configure proxy parameters as defined below
Option description
Decryption Profile Assign a Decryption profile, which also includes the server certificate, to be used for the Proxy service
Dst Port Assign a destination port. For most web-based services, the destination port will be 443. This is the port Valtix Gateway listens on for the incoming traffic.
Protocol TCP is the default.
SNI Enter the list of SNIs.
L7 DoS Enter the Layer 7 DoS profile to assign to this proxy service
Target Backend Port Target/Backend application port number
Protocol Select the backend protocol
Address Select a backend IP address. The IP address in most cases will be the frontend IP of an internal load balancer

Tech Notes

If the proxy service is required to run on multiple ports, you can add more entries. However all the ports serve the same certificate and are proxied to the same backend destination address object.