1. Home
  2. Docs
  3. SecureAccess Appliance
  4. Configuration
  5. Configure Web Application Proxy

Configure Web Application Proxy

The wizard provides the steps to configure Web Application Proxy (WAP) settings for the Celestix E Series Appliance. Instructions cover the steps common to most deployments, but again, an individual organization may require different or additional configuration.

For setup, the administrator needs access to the following resources:

  • The external firewall (see Firewall Ports Reference)
  • The E Series appliance web UI
  • Deployments that include the SSO Portal will require additional DNS records and firewall rules

General Information provides necessary details to complete configuration.

General Information

The following deployment notes provide information to understand Web Application Proxy configuration.

Deployment Assumptions

Information presented in the E Series setup instructions is based on the following:

  • The Web Application Proxy feature has been installed through the web UI.
  • Deployment is a single proxy server.
  • AD will be used for authentication and authorization through ADFS.
  • Internal DNS entries have been configured for Web Application Proxy to resolve hostnames for backend servers.
  • Public DNS entries have been configured to resolve external URLs for each published application.
  • Firewall rules have been configured to allow traffic for the following connectivity:
    • To ADFS through port 443
    • To AD
    • To published applications as required

Requirement Checklist

The following items will be required to set up the proxy. Plan ahead so that items are available when needed.

  • ADFS – must be deployed on a separate server.
  • ADFS administrator account – required to access ADFS for authentication.
  • Publicly signed certificate– an SSL certificate is required; it is strongly recommended to use a third-party certificate from a trusted vendor. The certificate subject is the same as the federation service namespace.
  • SSO portal address – optional configuration; if the portal is deployed, an FQDN will be needed to assign to the SSO portal for end user access to hosted applications.

Example Information

To help make the instructions clear, the following examples are used to identify components.

 Internal DomainFederated DomainCelestix E Appliance
FQDNad01.intexample.comadfs.fedexample.comCelestix Edge01.intexample.com
Host Namead01adfsCelestix Edge01
Domain Nameintexample.comfedexample.comintexample.com

Use the Setup Wizard

The setup wizard is a walk-through to configure components for proxy services.

Access the screen through the web UI at Celestix E Features Web Application Proxy Wizard.

Wizard Instructions

  1. ADFS Services– complete the following:
    1. ADFS Service– enter the fully qualified domain name.
      Example: adfs.fedexample.com
    2. Username– enter ADFS administrator account.
      For example: intexample\adminuser
    3. Password– enter the password for the ADFS account.
    4. SSO Portal– if WAP will be used to publish applications for remote users, enter the address end users will need to access those applications.

      Note: Entering the address creates the portal.

  2. Certificate 
    1. Click the Import button.
    2. Complete the following:
      1. Certificate – navigate to and select the certificate that will be used for authentication.
      2. Password – enter the certificate passphrase.
      3. Click the Import button.
    3. The imported certificate should display in the Certificate field. If not, use the drop menu to select it.
    4. Click Next.
  3. Finish – review the settings; click Next to configure.
  4. The wizard is complete when the congratulations screen displays.
  5. SSO portal deployment: Click the PowerShell link to download a script that must be run on the ADFS server to set up a relying party trust.

The base level setup for Web Application Proxy is now complete.