1. Usage Scenario

This page configures the web proxy for browser access and watermark policy.

Customers can add web proxy for users to visit their applications (http/https/ssh*/rdp* based applications ) via browser. Browser access can be used for users who are not convenient to install ESA client, like:

• 3rd party partner users
• part time staffs
• contractors

With the proxy configured, when users access the application via browser, the URL visited will be a proxied URL instead of real address. In this way, we can protect application address from been exposed.

2. Operation Steps

1） Go to Web Security Gateway–>Basic Configuration to configure your web proxy server.

2） For security access, we recommend customers to use your own certificate and domain for web access.
Here are the steps:

• Config a domain and upload certificate. We suggest to use 4-level domain name, For example: alex.esa.ABC.com. ABC refers to your company name.
• Contact CDNetworks technical service to config CNAME to ESA platform. After configuration, CDNetworks technical service will return the CNAME domain, for example: nsesa.cdnetworks.com
• On your name server, CNAME or NS your domain: *.esa.ABC.com or .esa.ABC.com (depends on your NS format) to nsesa.cdnetworks.com
• After configuration completed, please send the alex.esa.ABC.com URL to your users.

There are two options for Proxy Authentication:
Secure authentication (recommended): means account authentication is required when user access login via web browser
Free authentication: means no account authentication is needed to access applications. This may be used in scenarios like API access.

3） User login: Copy the proxy URL: alex.esa.ABC.com to browser and then you will get ESA login page.

After login to ESA via URL, when user visit the application, for example: ERP, the actual visiting URL will be erp.esa.ABC.com. Users are visiting the proxied domain instead of real domain. By doing this, we can shield your applications from been exposed to Internet.