AnsweredAssumed Answered

Reverse Proxy Feature of MOB (R80.10)

Question asked by Dor Marcovitch on Oct 29, 2017
Latest reply on Nov 1, 2017 by Dameon Welch-Abernathy

i am trying to figure out how the Reverse Proxy works "under the hood".
the only information is from sk110348.

If my MOB Portal is on: https://vpn.company.com/
I have an ActiveSync application for our mobile phones on the FQDN: https://pop.company.com
And I configure my Outlook Anywhere clients which ar using RPC over HTTP to use the URL: https://pop.company.com

What I have seen is that ActiveSync Traffic have stopped working and also the MOB portal which was also available on https://pop.company.com was not available any more, and any request was forwarded to my backend server (as expected I belive)

I had some research and the RPC over HTTP is using the “/rpc/” so have tried to configure the Outlook Anywhere Rule on the Reverse Proxy setting to have the allowed path to be “/rpc/” , now what I got is :

  1. outlook client is working
  2. Active sync client not working
  3. MOB Portal on https://pop.company.com is not working (but I don’t really need it on this URL (I have vpn.team.co.il for it)
  4. Any traffic that is not in the “/rpc/” path I get “403 Forbidden”

So I don’t understand:

  1. how and which component device which path belongs to MOB and which belongs to Reverse Proxy?
  2. Can MOB and Reverse Proxy listen to the same FQDNS and Port but on different paths?
  3. Can Reverse Proxy feature do it’s “thing” only for specific path or the allow path is only used for blocking anything else?
  4. If so than my conclusion is that if I decide to use Reverse Proxy for https://pop.team.co.il anything for that FQDN and Port will go to the Reverse Proxy feature.

Additional information that is missing me is what blades are able to "scan" the traffic that is proxied on the FW ?

Outcomes