Reset Search
 

 

Article

KB19908 - Configuration of Pass Through Proxy (PTP) based access method for Microsoft SharePoint 2003, SharePoint 2007, and SharePoint 2010 resources

« Go Back

Information

 
Last Modified Date8/3/2015 8:55 PM
Synopsis
How to configure the Pass Through Proxy (PTP) based access method for Microsoft SharePoint 2003, SharePoint 2007, and SharePoint 2010 resources.
Problem or Goal
  • Certain Microsoft SharePoint functionalities may not be supported, when accessed via the Connect Secure (PCS) Web-Rewrite access method; for example, Office Web Apps in SharePoint 2010.
  • In such scenarios, you may be advised to configure Pass Through Proxy access method for SharePoint resources, as PTP access for SharePoint 2003, SharePoint 2007, and SharePoint 2010 needs some additional configuration.

 

Cause
Solution
Prerequisites for setting up SharePoint access through PTP based access
  • The Pass Through Proxy must be configured in host-mode (that is, by using a Virtual hostname).
  • The Virtual hostname must be the same as the SharePoint server's internal hostname. 
  • Internally, the SharePoint server must be accessible over HTTPS on port 443 and the server should have a valid SSL certificate.
  • The external DNS should resolve the SharePoint server's hostname to the external interface IP (or external virtual interface IP) of the SA. And the internal DNS, that the SA uses, should resolve the SharePoint server's hostname to the actual IP of the SharePoint server.

Configuration procedure:
 
  1. From the Admin UI, go to Resource Policy > Web > Passthrough Proxy and click New Application.
  2. In the Application field, type a name for the application and in the Description field, type a brief description.
  3. In the URL field, type the SharePoint server URL; Use the https://hostname:443/* format (for example - https://sharepoint.juniper.net:443/*).
  4. Select the Use Virtual hostname option and type the Virtual Hostname. This should be the same name as the SharePoint server's internal name (for example - sharepoint.juniper.net).
  5. Under Action, select the Rewrite External Links and Host-Header forwarding checkboxes.
  6. Click Save Changes. The following image illustrates a sample configuration:SharePoint Sample Config  

Additional configuration tips:

The following steps are optional and are required; only if you experience the associated issues.

Issue with Interactive Applications and user session cookies:

When SharePoint Resources are used along with applications other than the Web browser, such as Microsoft Office, then these applications do not forward the users Session cookie; when making a request to the SA.

This results in the SA disallowing the request and redirecting the user to the SSL VPN login page. Typically, the end user experience for this issue is that when users perform certain actions, it invokes an application (such as Microsoft Word), and they will see the SSL VPN login page within Microsoft Word.

Workaround:

If the user's session cookie is made persistent, then applications may forward the cookie when sending the request to SA and this issue may not occur. However, setting a user session cookie as persistent may have undesirable side effects; such as leaving user sessions open, if they do not logout gracefully. So refer to the SA admin guide, prior to making such changes.
 
  • Admin UI > User Roles > Select the Specific Role > General > Session Options > Persistent Session > Enabled.

Issue with interactive applications and SA caching policies:

By default, the SA adds HTTP headers, which discourages a browser or any application from caching content. However, certain applications need access to cached content.

Workaround:

Create a Caching policy on SA to prevent modification of the caching headers:
  1. Go to Admin UI > Resource Policies > Web > Caching.
  2. Create a New Policy:
  3. Enter the name and description.
  4. Under Resource, type the URL of the SharePoint server. For example, https://sharepoint.juniper.net:443/*.
  5. Select the appropriate Roles.
  6. Under Action, select the Unchanged option.  
This should complete the configuration, which is required to  access SharePoint resources via PTP based access.

Note: SharePoint 2010 is supported only on IVE OS 7.1R1 or later.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255