How to Create a virtual service that will operate as a reverse proxy
Often customers wish to configure a reverse proxy virtual service. Typically, this type of service is created for Lync, Exchange or other application. A reverse proxy allows administrators to connect clients to a service, hosted on the edge of a network, which may leverage pre-authentication and other security features, prior to allowing the client's request to reach the application server.
In the example above, the reverse proxy service is hosted on the IP address of 10.1.114.28 and proxies to an address of 10.1.112.202. The Real Server address used could resolve to many things:
- Another LoadMaster hosted Virtual Service
- An array of servers
- A firewall address which will NAT internally
Often the virtual service will target a real server IP which resides within a different subnet (referred to as a two arm configuration). To avoid routing issues, we recommend configuring a static route within the LoadMaster. This can be configured within the WUI -> System Configuration -> Route Management -> Additional Routes.
An additional route is not necessary if the second subnet is also local to the LoadMaster. In this scenario, to avoid routing as well as ACL issues, we recommend enabling Subnet Originating Requests. This causes the LoadMaster's Virtual Service address to leave out of the interface that is local to the Real Server. Since the source address will appear to be local to the server's subnet, most routing decisions will be skipped and the LoadMaster should receive a response without an issue. This feature is found within the WUI -> System Configuration -> Miscellaneous Options -> Network Configuration.