How to enable Beacon Reverse Proxy Setup

How to enable Beacon Reverse Proxy Setup

1.png

When setting up the Beacon its possible to route it through a reverse proxy, in the image above this is explained, The agents only have network availability to the reverse proxy server (Davecorp) However the agents will instead try and target the beacon (Flexbeacon123)

To alter the agent's behaviour to instead upload to the reverse-proxy instead of directly attempting the beacon we need to access the beacon server itself and open the beaconengine.config file-

2.png

Locally on the beacon open this file in notepad.

3.png

Within this file, you will see the following, see the circled entry.

By entering information in the networkName field and saving this file with these new details it will update the agents on their next policy update.

 

Keep in mind that the agents will need connectivity to perform this policy update

Was this article helpful? Yes No
No ratings
Comments

Hi Dave,

Normally we use the Networkname when we would like to use the CName instead of the FQDN of an Beacon. 

Can you please explain how this related to the proxy? As you are using the same field for that.  Meaning you are basically pointing towards the proxy. That is no webserver and neither does it know which beacon it should contact. So How would that work?

 

Regards

Ronald 

Hi Ronald,

not sure if I follow completely but this process is best explained as giving the beacon a "Fake" Identity within the policy,

If the beacon is called for example "Davesbeacon123.flexera.com" but the agents have to first pass through a proxy called "davesproxy.externalnetwork.com" the agents are never going to be able to communicate to the rest of the fnms system as they will be trying to communicate with "Davesbeacon123.flexera.com" as this is what is included in the policy.

The technique in the KB explains how to give the Beacon a "Fake" identity within the beacon so that the policy will display this with whatever information we enter.  So, for example, we can give the beacon "Davesbeacon123.flexera.com" a "Fake" identity of "davesproxy.externalnetwork.com" and this will then be populated in the policy for the agents to consume, this means the agents will then be able to communicate to the beacon via the proxy as it will be updated with this value in their policy.

hope this makes sense, it can be tricky to explain in text

Hi Dave,

Thanks for your response.  I have been using the Networkname a lot, but I just don't see the link with the proxy.  If I follow your story the agent is trying to go to : davesproxy.externalnetwork.com that is the proxy server at that moment.

But what I don't understand is the part from there. If the agent contacts the davesproxy.externalnetwork.com proxy server instead of an beacon. The agent for example tries to upload an ndi or ask for an policy update. Since the davesproxy.externalnetwork.com ends up at the proxy instead of an Beacon server. How can the proxy then help the agent? As it is an proxy and no Beacon server. Neither does the proxy know about the existince of Davesbeacon123.flexera.com beacon and other beacons like Ronaldsbeacon123.flexera.com ?

Hope i made it more clear 🙂

 

Regards Ronald

Ah I understand, the proxy would forward on the request

 

so agent requests to post a file to

http://davesproxy.davesnetwork.com/managesoftrl

request get sent to proxy, proxy forwards requests to:

http://davesbeacon.davesnetwork.com/managesoftrl

 

this change does not change the URL of the beacon itself it just changes its value within the policy itself so that the agent is instructed talk to the proxy instead of the beacon directly

Version history
Revision #:
1 of 1
Last update:
‎Jun 30, 2020 08:34 AM
Updated by:
 
Contributors