Prerequisites for setting up SharePoint access through PTP based access
- The Pass Through Proxy must be configured in host-mode (that is, by using a Virtual hostname).
- The Virtual hostname must be the same as the SharePoint server's internal hostname.
- Internally, the SharePoint server must be accessible over HTTPS on port 443 and the server should have a valid SSL certificate.
- The external DNS should resolve the SharePoint server's hostname to the external interface IP (or external virtual interface IP) of the SA. And the internal DNS, that the SA uses, should resolve the SharePoint server's hostname to the actual IP of the SharePoint server.
Additional configuration tips
- From the Admin UI, go to Resource Policy > Web > Passthrough Proxy and click New Application.
- In the Application field, type a name for the application and in the Description field, type a brief description.
- In the URL field, type the SharePoint server URL; Use the
https://hostname:443/* format (for example -
- Select the Use Virtual hostname option and type the Virtual Hostname. This should be the same name as the SharePoint server's internal name (for example -
- Under Action, select the Rewrite External Links and Host-Header forwarding checkboxes.
- Click Save Changes. The following image illustrates a sample configuration:
The following steps are optional and are required; only if you experience the associated issues.Issue with Interactive Applications and user session cookies
When SharePoint Resources are used along with applications other than the Web browser, such as Microsoft Office, then these applications do not forward the users Session cookie; when making a request to the SA.
This results in the SA disallowing the request and redirecting the user to the SSL VPN login page. Typically, the end user experience for this issue is that when users perform certain actions, it invokes an application (such as Microsoft Word), and they will see the SSL VPN login page within Microsoft Word.Workaround:
If the user's session cookie is made persistent, then applications may forward the cookie when sending the request to SA and this issue may not occur. However, setting a user session cookie as persistent may have undesirable side effects; such as leaving user sessions open, if they do not logout gracefully. So refer to the SA admin guide, prior to making such changes.
Issue with interactive applications and SA caching policies
- Admin UI > User Roles > Select the Specific Role > General > Session Options > Persistent Session > Enabled.
By default, the SA adds HTTP headers, which discourages a browser or any application from caching content. However, certain applications need access to cached content.Workaround
Create a Caching policy on SA to prevent modification of the caching headers:
- Go to Admin UI > Resource Policies > Web > Caching.
- Create a New Policy:
- Enter the name and description.
- Under Resource, type the URL of the SharePoint server. For example, https://sharepoint.juniper.net:443/*.
- Select the appropriate Roles.
- Under Action, select the Unchanged option.
This should complete the configuration, which is required to access SharePoint resources via PTP based access.Note: SharePoint 2010 is supported only on IVE OS 7.1R1 or later.