I'm not sure I understand how a reverse SMTP Proxy might be desirable.
Would load balancing along with DNAT do what you want for webserving? I guess you could create a generic proxy, but I don't understand its use well enough to know if that would be of any advantage. If you're worried about malware being uploaded to those servers, then my guess is you're better off with a specialized AV running on the servers themselves.
Please let us know what you wind up doing.
Thanks - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
Astaro 7 uses a custom http proxy; I doubt it would be practical to set it up as a reverse proxy. Even in older versions when Squid was used, reverse proxing wasn't available without hacking the system.
ISA server made most users that hadn't used squid, aware of reverse proxy (although apache has the capability also). Basically all the inbound requests are made to the gateway machine and it takes out all the bad stuff before it even reaches the web server thereby giving an extra layer of defense against the "deamons of the internet".
Similar to webfilter in ASL but working in both directions. And as Barry mentioned, I tried some pretty fancy techniques with ASL v4 to make the proxy behave as reverse proxy (there was no IDS etc back then so it was much simpler), but it always broke one thing or another.
ISA server has some special filters that you can use to publish owa (outlook web access) and that is about the only reason I would use it. Otherwise, with web hosting prices so low these days, the demand for this would hardly be there any more.
we had the same problem needing reverse proxying. What we wound up doing is placing a small server in the DMZ, which does the reverse proxying and is DNATed in the ASG.
Can you guide me in detail steps how you really achieved reverse proxy in ASG 7.4?
I mean what type server you placed in DMZ and then how you did DNATing in ASG.
Please help.
