Reverse proxy with OAM WebGate in DMZ or in private LAN?
Bart, Aug 6 2010 — edited Aug 6 2010
Hi all,
I am struggling with the following. We have set up an IIS reverse proxy in front of our applications running on WebLogic. We have an OAM WebGate installed on this IIS reverse proxy. The IIS reverse proxy is on our private company LAN together with the WebLogic applications and the company employee workstations. The latter need access to the WebLogic applications via the IIS reverse proxy.
We have another reverse proxy running in the public DMZ separated by a firewall from the private company LAN. We want to replace the reverse proxy in the DMZ with the IIS reverse proxy in line with the Enterprise Deployment Guide for Oracle Identity Management (our network architect does not want unauthenticated requests on the private company LAN). However, if we do that, only connections from the internet are authenticated by the WebGate.
How do employee workstations have access via the IIS reverse proxy to the WebLogic applications if the IIS reverse proxy is in the DMZ? Do we need both a reverse proxy for the traffic from the private company LAN and one for the internet? This seems strange to me because we also use the proxy for failover. If one of the WebLogic servers goes down, the other one kicks in thanks to the proxy server monitoring this.
Any thoughts/advice on this?
Thanks in advance,
Bart.
Edited by: Bart on 6-aug-2010 5:11