In some customer environment, they not only deployed with a single DMZ but having 2 as Internal and External DMZ.
UAG is compatible with this deployment model. It has a cascaded architecture includes two instances of the UAG with separate roles.
In cascade mode, the back-end UAG resides in the Internal DMZ acting as an Horizon Edge and communicating with Connection Server. The front-end UAG resides in the external DMZ acting as a reserve proxy to the back-end UAG.
This sharing will mainly cover the setting of UAG resides in external DMZ. Showing how to setup a reversed proxy on UAG for the purpose.
For the procedure of setting up an internal UAG as Horizon Edge, please refer following sharing for details.
To start the deployment, you need to import the UAG OVF template to vCenter first. You may refer following sharing for how to import the OVF template.
After that, you will also required to obtain the thumbprint of the certificate applied on the Internal UAG. Following is an example of obtaining thumbprint from Connection. You may refer the procedure. It is the same except the target URL will be the Internal UAG link.
Once you get those things listed above done. You can continue the configuration on the External UAG.
Logon to the admin UI of external UAG.
Select and show the Edge Service Setting.
Click the "Gear" button next to the Reserve Proxy Setting.
Click "Add".
Select and enable "Enable Reverse Proxy Settings".
Assign a name for the Instance ID.
Input URL of Internal UAG to Proxy Destination URL. For example, if you can access the VDI through internal UAG with URL "intuag.testing.com", please input "https://intuag.testing.com" to the field.
Input the certificate thumbprint of Internal UAG to Proxy Destination URL Thumbprint.
Input "(/broker/xml(.*)|/xmlapi(.*)|/ice/(.*)|/r/(.*)|/portal(.*)|/view-client(.*)|/)" to Proxy Pattern.
Click "Save".
Click "Close".
Wait for 5 minutes to let the setting applied on UAG. Green light will be shown next to the Reverse Proxy Setting after the setting applied.
----- END -----
Hi Barry
Deploying UAG1 as a reverse proxy in dual DMZ. When UAG2 is Horizon EDGE, it works normally internally. How to set up the network or configure UAG1 to achieve Internet access,