VMware Cloud Community
ChristianBriere
Contributor
Contributor
Jump to solution

vCenter 6.0 FQDN redirect to local name from Internet

Hi!

We have vCenter 6.0 working normally but it has a local hostname (vCenter.domain.local). This was build by an employee that left the company. I need to open the web client to the web (with Inbound filter) but my issue is that anytime I access the external IP or the external FQDN, it redirect to the local name, so it doesn't work.

https://vcenter.domain.local/websso/SAML2/SSOSSL?RelyingPartyEntityId=aHR0cHM6Ly8yMDYuNDEuOTUuMjU0Oj...

How can I fix this, without breaking anything? Smiley Happy

Thanks for any help

Tags (3)
Reply
0 Kudos
1 Solution

Accepted Solutions
daphnissov
Immortal
Immortal
Jump to solution

You can't, that's not how it's supposed to work. You don't access vCenter from the Internet side and have it redirect using that name. If such an access method is required, it needs to be done over VPN or a place that is local to the network.

View solution in original post

6 Replies
daphnissov
Immortal
Immortal
Jump to solution

You can't, that's not how it's supposed to work. You don't access vCenter from the Internet side and have it redirect using that name. If such an access method is required, it needs to be done over VPN or a place that is local to the network.

ChristianBriere
Contributor
Contributor
Jump to solution

Thanks for your reply. That is what I was thinking but I thought there could have a possibility to bypass !

To have user connecting and having access to their VPN, by VPN, or configuration a vCloud, right?

Thanks

Reply
0 Kudos
daphnissov
Immortal
Immortal
Jump to solution

However you need to enable connectivity given your network infrastructure design, users must be on a segment that can access vCenter.

sjesse
Leadership
Leadership
Jump to solution

I've never tried this and I highly doubt its supported, but if you wanted you may be able to put a reverse proxy in front of vcenter that rewrites the http header coming from external to the internal version. Here is someone who tried, but I don't think the vmrc plugin would ever work

https://www.digitalocean.com/community/questions/access-vsphere-web-client-using-nginx-reverse-proxy

Reply
0 Kudos
sjesse
Leadership
Leadership
Jump to solution

To add, I think having the webclient accessable from the internet is a bad design, I'd suggest using VPN like before or if you have a vdi enviornment allow anyone that needs access that way.

Reply
0 Kudos
ChristianBriere
Contributor
Contributor
Jump to solution

Since this is a production server, the VPN and blocked everything else except the IP/port I can block in the firewall, this would be the best way. I'll follow this path.

Thanks

Reply
0 Kudos