When using a third party load balancer to provide the tunnel service on the Unified Access Gateway (UAG), what should the SSL setting be on the load balancer?
When using a third-party load balancer to provide the tunnel service on the Unified Access Gateway (UAG), the SSL setting should be SSL Passthrough. SSL passthrough maintains end-to-end encryption by passing the SSL traffic directly through to the UAG without decrypting it at the load balancer. This is crucial for the proper handling of secure traffic and for compliance with the UAG requirements, which do not support SSL offloading or re-encryption.
I believe it should be: D https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2005/Tunnel_Linux/GUID-AWT-SSLOFFLOADING.html "SSL Offloading and SSL re-encryption is not supported for the Per-App Tunnel"
I believe answer is C - SSL Offloading. https://docs.vmware.com/en/Unified-Access-Gateway/2009/uag-deploy-config/GUID-9B1FB477-A1E0-4617-BCBF-726867210AD8.html Configure the load balancers to Send Original HTTP Headers to avoid device connectivity problems. Content Gateway and Tunnel Proxy use information in the request's HTTP header to authenticate devices.
I think you're on the right track here, but the answer should be passthrough. Offloading SSL would change the headers. I believe best practice here is Passthrough - D.
The Answer should be B. "Unified Access Gateway appliances work with standard third-party load balancing solutions that are configured for HTTPS." https://docs.vmware.com/en/Unified-Access-Gateway/3.3/com.vmware.uag-33-deploy-config.doc/GUID-9B1FB477-A1E0-4617-BCBF-726867210AD8.html
Based on my experience, it should be D. I had faced this issue in production; moving to SSL passthrough resolved my issue.
Correct answer should be A
B is correct. The SEG on UAG does not support a non-SSL configuration. If the SSL traffic from a device is offloaded on a Load Balancer or F5 network, the SEG must be configured with any SSL certificate to ensure that the traffic reaching the SEG from these network components is encrypted. In such a scenario, the SSL certificate rotation for SEG is applicable as explained in the Upload the SSL Certificate Locally For SEG Edge Service on the UAG Admin UI section. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/WS1-Secure-Email-Gateway/GUID-D71CBEF1-3754-4362-95EE-15B269E68B61.html
The Answer is: C Load Balancer Checklist for Tunnel Service Before diving into the load balancer requirements, the following checklist contains the recommended load balancer settings to properly handle the Tunnel traffic on Unified Access Gateway. SSL Requirement Passthrough https://techzone.vmware.com/understand-and-troubleshoot-tunnel-connections#ssl-offloading-and-ssl-re-encryption "SSL Offloading and SSL re-encryption are not supported and must be turned off."