Does ACE Work With SSL Bridging and SCCM Custom HTTP Methods?
I'd like to know if Cisco ACE can be used as a reverse proxy specifically for System Center 2012 R2 and also have it filtered to only allow a specific list of non-standard HTTP verbs through. We would like to see if we can place an ACE device in our DMZ that will forward traffic from our Internet-based laptops through to our internal Config Manager server only after it passes device certificate authentication and inspects the packets to ensure only approved traffic types get through even after passing authentication.
Can you configure ACE as a reverse proxy that only allows a set list of custom HTTP methods through to an internal server?
Allow HTTP content type of multipart MIME attachment (multipart/mixed and application/octet-stream)
Allow the following verbs for the Internet-based management point:
Allow the following verbs for the Internet-based distribution point:
Allow the following verbs for the Internet-based fallback status point:
Allow the following HTTP headers for the Internet-based management point:
Allow the following HTTP header for the Internet-based distribution point:
Refer to your firewall or proxy server documentation for configuration information to support these requirements.
For similar communication requirements when using the software update point for client connections from the Internet, see the documentation for WSUS. For example, for WSUS on Windows Server 2003, see the deployment appendix for security settings: http://go.microsoft.com/fwlink/?LinkId=143368.
SSL bridging to SSL: The recommended configuration when you use proxy web servers for Internet-based client management is SSL bridging to SSL, which uses SSL termination with authentication. Client computers must be authenticated by using computer authentication, and mobile device legacy clients are authenticated by using user authentication. Mobile devices that are enrolled by Configuration Manager do not support SSL bridging.
The benefit of SSL termination at the proxy web server is that packets from the Internet are subject to inspection before they are forwarded to the internal network. The proxy web server authenticates the connection from the client, terminates it, and then opens a new authenticated connection to the Internet-based site systems. When Configuration Manager clients use a proxy web server, the client identity (client GUID) is securely contained in the packet payload so that the management point does not consider the proxy web server to be the client. Bridging is not supported in Configuration Manager with HTTP to HTTPS, or from HTTPS to HTTP.