000027028 - Does the Web-Tier Virtual Hostname need to be resolvable from Internet?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000027028
Applies ToAuthentication Manager Express
AMX
RBA
Risk Based Authentication
IssueDoes the Web-Tier Virtual Hostname need to be resolvable from Internet?
ResolutionYes, the AMX web-tier virtual hostname must be resolvable via external DNS just as any internet facing web resource such as an SSL VPN or a web portal would. 
When a user initially browses to an SSL VPN protected by Authentication Manager Express, the AMX integration script causes the user's browser to be redirected to the AMX web-tier virtual hostname.  This requires the end user's browser to resolve the virtual hostname.  The related IP address could be the external IP of a NAT device, the IP of a web-tier machine in the DMZ, or the IP of a load balancer in the DMZ depending on the AMX deployment configuration. 
NotesThe protected resource (SSL VPN, web portal, etc.) does not directly communicate with the web-tier host(s). 
Legacy Article IDa55182

Attachments

    Outcomes