I recently added a web-tier deployment to an environment that was previously authenticating directly to the RSA server. I want to verify that the web-tier is stood up correctly and is actually processing the requests. How can I do this?
Also, I'm assuming I should use firewall/microsegmentation rules to restrict access to the RSA server (with a few exceptions for the web tier and SSH to do admin tasks). Otherwise, the web-tier proxy is useless from a security perspective. Is that correct?