2.2 First Reverse Proxy Configuration

This section explains how to create a reverse proxy to protect the name and IP address of your Web server from being exposed to users. Section 2.3, Configuring the Protected Resource for Authentication builds on this configuration and explains how to require authentication to gain access to the Web server.

Table 2-2 Access Gateway Configuration Information

What You Need To Know


Your Value

Name of the Identity Server cluster



DNS name of the Access Gateway



Web server information



IP address


DNS name



Names you need to create




Reverse proxy name




Proxy service name




Protected resource name



For more information, see Configuring the Access Gateway in the NetIQ Access Manager 3.1 SP5 Setup Guide.

  1. In the Administration Console, click Devices > Access Gateways.

  2. Click Edit, then click Reverse Proxy/Authentication.

  3. Configure a reverse proxy:

    • In the Authentication Settings section, select idpa from the drop-down list.

      In Table 2-2, this is the sample name of the Identity Server cluster.

    • In the Reverse Proxy section, click New, specify DigitalAirlines, then click OK.

      In Table 2-2, DigitalAirlines is the sample reverse proxy name.

  4. To configure a proxy service, click New in the Proxy Service section, then fill in the following fields:

    Proxy Service Name: DA

    In Table 2-2, DA is the sample proxy service name.

    Published DNS Name: lag.test.novell.com

    In Table 2-2, this is the sample DNS name of the Access Gateway.

    Web Server IP Address:

    In Table 2-2, this is the sample IP address of the Web server.

    Host Header: Select the Web Server Host Name from the drop-down list.

    Web Server Host Name: digital.test.novell.com

    In Table 2-2, this is the sample DNS name of the Web server.

  5. Click OK, then configure a protected resource.

    • Click the Protected Resource tab.

    • In the Protected Resource section, click New, then specify everything.

      In Table 2-2, everything is the sample protected resource name.

    • In the URL Path section, examine the path. It should be set to /* to match everything on the Web server.

  6. Click OK to save the configuration.

  7. Click the Access Gateways task, then click Update.

    Wait for the health status to turn green. If it doesn’t turn green, click the Health icon to discover the cause.

  8. Click the Identity Servers task, then click Update.

  9. To test that the Access Gateway is protecting the Web server, open a browser and enter the following URL:


    The first page of the Web server is displayed. If you get an error, verify the following:

    • Check the times on the Access Gateway and the Identity Server. Their times need to be synchronized.

    • Verify that the browser machine can resolve the DNS name of the Access Gateway.