|Applies To||Authentication Manager Express|
Risk Based Authentication
|Issue||Does the Web-Tier Virtual Hostname need to be resolvable from Internet?|
|Resolution||Yes, the AMX web-tier virtual hostname must be resolvable via external DNS just as any internet facing web resource such as an SSL VPN or a web portal would. |
When a user initially browses to an SSL VPN protected by Authentication Manager Express, the AMX integration script causes the user's browser to be redirected to the AMX web-tier virtual hostname. This requires the end user's browser to resolve the virtual hostname. The related IP address could be the external IP of a NAT device, the IP of a web-tier machine in the DMZ, or the IP of a load balancer in the DMZ depending on the AMX deployment configuration.
|Notes||The protected resource (SSL VPN, web portal, etc.) does not directly communicate with the web-tier host(s).|
|Legacy Article ID||a55182|