Protect Multiple Servers with Ingress Gateways

To protect a web facing application or servers with ingress gateways in Multicloud Defense, perform these steps:

Before you begin

If you require decryption for additional security, you need to import certificates and keys in Multicloud Defense. You need to also create a decryption profile to establish a back-end session with the server.

Procedure

Step 1

Define a Reverse Proxy Target Address Object. This will be the target server for the target and private load balancer to which Multicloud Defense sends traffic. See Create a Reverse Proxy Target Address Object.

Step 2

Create a Reverse Proxy Service Object for ingress to enable the gateways to process the traffic. See Reverse Proxy Service Object (Ingress).

  1. If you use decryption for additional security, you need to import the certificate into Multicloud Defense. See Import Certificate.

  2. If you use decryption, create a decryption profile. See Create a Decryption Profile. Once you complete creating a profile, you will select the decryption profile in the Listener Decryption Profile column.

  3. If you do not use decryption, do not provide any details in the Listener Decryption Profile drop-down list. Enter details for the rest of the fields.

Note

Client CA Decryption Profile does not apply for Reverse Proxy.

Step 3

Create a Policy Ruleset and associate an Ingress Policy Ruleset with an Ingress Gateway. See Create Policy Rule Set.

Step 4

Add a Reverse Proxy in a Rule Set. See Add or Edit a Reverse Proxy Rule in a Rule Set.

What to do next

(Optional) You can add reverse proxy rules in the policy rule set or edit existing rule sets.