Does ACE Work With SSL Bridging and SCCM Custom HTTP Methods?
I'd like to know if Cisco ACE can be used as a reverse proxy specifically for System Center 2012 R2 and also have it filtered to only allow a specific list of non-standard HTTP verbs through. We would like to see if we can place an ACE device in our DMZ that will forward traffic from our Internet-based laptops through to our internal Config Manager server only after it passes device certificate authentication and inspects the packets to ensure only approved traffic types get through even after passing authentication.
Can you configure ACE as a reverse proxy that only allows a set list of custom HTTP methods through to an internal server?
Allow HTTP content type of multipart MIME attachment (multipart/mixed and application/octet-stream)
Allow the following verbs for the Internet-based management point:
Allow the following verbs for the Internet-based distribution point:
Allow the following verbs for the Internet-based fallback status point:
Allow the following HTTP headers for the Internet-based management point:
Allow the following HTTP header for the Internet-based distribution point:
Refer to your firewall or proxy server documentation for configuration information to support these requirements.
For similar communication requirements when using the software update point for client connections from the Internet, see the documentation for WSUS. For example, for WSUS on Windows Server 2003, see the deployment appendix for security settings: http://go.microsoft.com/fwlink/?LinkId=143368.
SSL bridging to SSL: The recommended configuration when you use proxy web servers for Internet-based client management is SSL bridging to SSL, which uses SSL termination with authentication. Client computers must be authenticated by using computer authentication, and mobile device legacy clients are authenticated by using user authentication. Mobile devices that are enrolled by Configuration Manager do not support SSL bridging.
The benefit of SSL termination at the proxy web server is that packets from the Internet are subject to inspection before they are forwarded to the internal network. The proxy web server authenticates the connection from the client, terminates it, and then opens a new authenticated connection to the Internet-based site systems. When Configuration Manager clients use a proxy web server, the client identity (client GUID) is securely contained in the packet payload so that the management point does not consider the proxy web server to be the client. Bridging is not supported in Configuration Manager with HTTP to HTTPS, or from HTTPS to HTTP.