How to consume Managed Reverse Forward Proxy
The services are consumed exclusively via the portal or API of the Enterprise Service Cloud.
Pre-Conditions
In order to use the Cloud Network Services, various conditions must be met.
Network Range Reservation
For "Cloud Network Service" to be consumed, a customer IP range must be reserved once, which is then automatically managed by Swisscom. This task is done by Swisscom at onboarding.
DNS-Zone Managed by Swisscom
If desired, Swisscom will manage the DNS records associated with the Managed Forward Proxy. This is only possible if the DNS zone is also managed by Swisscom (not part of Managed Forward Proxy).
Create Managed Forward Proxy
The Managed Forward Proxy can be ordered in the portal or on the API of the Enterprise Service Cloud.
Create Tufin Function (for Tufin managed tenants only)
Create a Tufin function that can be selected when creating the service. This is necessary to manage the firewall rules in Tufin after creating a Managed Forward Proxy.
Input Parameter
Field | Description | Valid values |
---|---|---|
Uplink Topologie | Selection of the configured connection of the Enterprise Service Cloud to peripheral systems (outside) | Dropdown Menu (configured Uplink Topology) |
Plan Name | Selection of performance classes | Dropdown Menu: Managed Reverse proxy S, Managed Reverse proxy M, Managed Reverse proxy L, Managed Reverse proxy XL |
FQDN | DNS record(s) are created if the DNS zone is managed by Swisscom (A record and/or AAAA record). Leave the field empty if the DNS zone is not managed by Swisscom | Valid fully qualified domain name, consisting of root domain, domain(s) and hostname separated by dots |
Description (Optional) | Additional instance description text | Text Input |
IP-Adress Family | Choice of which IP stack should be used for the forward proxy | Dropdown Menu: Ipv4, Ipv6, DualStack |
Enable Socks | Checked: the SOCKS proxy forwards TCP and UDP connections, which helps to bypass network segmentation (this is a dynamic port forwarding technique). Unchecked: no port forwarding is enabled | Checkbox |
Tufin Function | Enter the pre-configured Tufin Function (this input is only visible to Tufin-enabled tenants) | Text Input |
List allow destination IP | List of destination IPs the Managed Forward Proxy allows. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List allow destination Domains | List of destination Domains the Managed Forward Proxy allows. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List deny destination IP | List of destination IPs the Managed Forward Proxy blocks. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List deny destination Domains | List of destination Domains the Managed Forward Proxy blocks. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List allow Source IP | List of source IPs the Managed Forward Proxy accepts. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List deny Source IP | List of source IPs the Managed Forward Proxy blocks. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
Post Tasks
When the Managed Forward Proxy is created, the firewall rules between the consuming servers and the Managed Forward Proxy must be set accordingly.
Edit Managed Forward Proxy
Some configuration parameters of the Managed Forward Proxy can be changed. The service is not interrupted by doing this. Use this action to change your instance settings.
Input Parameter
Field | Description | Valid values |
---|---|---|
Plan Name | Selection of performance classes | Dropdown Menu: Managed Forward Proxy S, Managed Forward Proxy M, Managed Forward Proxy L, Managed Forward Proxy XL |
IP-Adress Family | Choice of which IP stack should be used for the Managed Forward Proxy | Dropdown Menu: DualStack |
Enable Socks | Checked: the SOCKS proxy forwards TCP and UDP connections, which helps to bypass network segmentation (this is a dynamic port forwarding technique). Unchecked: no port forwarding is enabled | Checkbox |
List allow destination IP | List of destination IPs the Managed Forward Proxy allows. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List allow destination Domains | List of destination Domains the Managed Forward Proxy allows. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List allow Source IP | List of source IPs the Managed Forward Proxy accepts. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List deny destination IP | List of destination IPs the Managed Forward Proxy blocks. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List deny destination Domains | List of destination Domains the Managed Forward Proxy blocks. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
List deny Source IP | List of source IPs the Managed Forward Proxy blocks. For the exact syntax see "Technical-Details". Only the entities listed here will be activated | Multi-Line-Textbox |
Delete Managed Forward Proxy
Delete must be confirmed. No recovery will be possible.
Post Tasks
The firewall rules set up between the server/application and Managed Forward Proxy must be removed manually.