- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UAG not redirecting external https traffic to connection server
Trying to replace Horizon Security server with UAG. Everything works after test deployment, able to connect to VDI from external network. The only thing that's not working is our external remote webpage. https://remote.mydomain.com
In the current environment, external IP for "remote" is NAT to the Security server. Internally, "remote" is routed to the Connection server. My assumption is that the external traffic hits our firewall, then forward to Sec server, then pass to Connection server and back.
Verified the firewall nor any internal security is blocking the traffic as everything works when external traffic is routed through Sec server, but if I NAT the traffic to UAG, https://remote.mydomain.com comes up as site not reachable.
Ran "curl https://remote.mydomain.com" command from the UAG console and receive the following message
curl: (60) SSL cert problem: unable to get local issuer certificate.
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it.
Could this be the reason UAG is not passing the request to Connection Server? If so, how can I fix this as we don't plan to use a SSL from trusted CA.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ciao
In the UAG configurations in general settings, are the settings of the horizon server all green?
On the settings, when you need to insert the Connection Server URL, which certificate did you insert the thumbprint into the configuration?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Curl command is the correct test done to check the cause of failure.
You need to make sure the Destination Connection server under Edge setting Green. In case if it is not, it could be due to UAG unable to reach the Connection server via FQDN or IP or the SSL thumbprint may be incorrect.
Sometime there is a space in front of the thumbprint which case copied while copying the thumbprint and it is hidden. Use the Delete/Space key to delete any hidden character infront of the thumbprint.