cancel
Showing results for 
Search instead for 
Did you mean: 

Horizon - Proxy - Blast secure gateway

Wasim
Nimbostratus
Nimbostratus

Hello Experts,

I am new to F5 and to this community, and need some help and guidance to configure F5 and Horizon connection servers.

2 x connection servers behind 1 x F5.

Internal users will connection vIP.

Few Users will be accessing Desktop instances via HTML Access.

On F5, I am using iApps template for Horizon i.e., f5.vmware_view.v1.5.9

Necessary certificate is added in F5 and are being used in iApp template. (desktop.domain.com)

 

HTML Access should be proxied through connection servers to avoid users going to Desktop instance directly and hitting TLS certificate issue.

Horizon connection servers are configured "Use Blast Secure Gateway for only HTML Access connections to machine"

and Blast external URL as :https://desktop.domain.com:8443

 

iApp configuration for Blast connection is as shown in below screenshot.

 

Unfortunately, the behaviour is not as expected, the user is hitting IP address of Desktop instance with TSL certificate error.

In contrast, when I change the Blast URL to : https://connection.domain.com:8443 (FQDN points to IPs of connection servers), I have no issues and its a smooth access to users.

 

Want to know if I am missing any configuration from F5 prespective.

 

Thank you for the time.

 

 

0691T00000BSZJIQA5.jpg

0691T00000BSZKzQAP.jpg

0691T00000BSZL0QAP.jpg

2 REPLIES 2

Wasim
Nimbostratus
Nimbostratus

Is it that my ask does not make sense or community is dead!

Or it is hard to answer.

 

But let me give it a try.

I do not see a 8443 listener or forwarding virtual server.

And the BIG-IP is not a BLAST gateway or are you also using APM to authenticate the users?

 

Cheers,

 

Kees