Configure Web Proxy

The Web Proxy component of remote proxy services provides a secure interface between applications on the LAN and clients on the Internet. An example of a client is the web collaboration client of MiCollab Audio, Web and Video Conferencing.

Use the following procedure to add the WAN-side host name of the LAN server you wish to proxy and configure access to its client and administrative interfaces.

The instructions assume that an external DNS server resolves your WAN-side host name (for example, “MAS1.mitel.com”) to the corporate firewall which, in turn, sends HTTP requests to the Web Proxy server. It is also assumed that MSL is configured to use an internal DNS server which resolves the LAN-side host name (also “MAS1.mitel.com”) to the actual server on the LAN.

For more information about the Web Proxy and its uses, see the MBG Installation and Maintenance Guide.

To add a LAN server to the Web Proxy:

1. On the MBG main page, under Remote proxy, click Domain list.
2. Click to add new LAN server proxy.
3. Select Enabled.
4. In the WAN-side FQDN field, enter the domain name of the server to which you want to proxy in FQDN format (for example, “MAS1.mitel.com”). This is the name that external users will enter in their web browsers to access the LAN host.
   Note: The LAN-side host name defaults to the WAN-side FQDN.
5. Select the LAN server and user interface:

   LAN server	User interface
   MiCollab	MiCollab: Select to forward MiCollab client traffic to the web-based communications portal on the MiCollab server (which will be the WAN-side FQDN). Note: This selection includes the required URLs for NuPoint UM on MiCollab. MiCollab Client: Select to forward MiCollab Client traffic (web portal or mobile portal) to the MiCollab server. MiCollab Unified Messaging: Select to forward NuPoint UM client traffic (web view or system admin view) to the MiCollab server. Deployment Unit: Select to forward MiCollab Client deployment traffic to the MiCollab server MiCollab Audio, Web and Video Conferencing: Select to forward MiCollab Audio, Web and Video Conferencing client traffic to the MiCollab server. Note: Ensure that the Use HTTPS Only setting is enabled in System Options configuration. Refer to the Configuring Web Conferencing Settings section of the MiCollab Audio, Web and Video Conferencing Configuration and Maintenance Manual for full instructions. Google Calendar Integration to AWV: Select to forward Google Apps traffic (i.e. traffic that includes “google” as part of the FQDN in HTTPS requests) to the MiCollab server. Listen port for MiCollab AWV: Listen port for MiCollab AWV (two WAN IPs): For external access to MiCollab Audio, Web and Video Conferencing in a configuration with two public IP addresses, enter the default AWV port, 4443. This is the port that the Web Proxy listens on for Connection Point (or Collaboration) traffic. If your MSL network configuration is deployed in Network-Edge mode (server-gateway mode) with a second external IP, the AWV listen port entry is not required. Listen port for MiCollab AWV (one WAN IP): For external access with only one public IP, MiCollab Audio, Web and Video Conferencing must be configured with identical internal and external ports; the recommended port being 4443. Ensure to have the same port number entered in this field.
   MiVoice Business	This setting provides access to the MiVoice Business System Administration Tool (ESM) interface.
   MiCollab Client	Select to forward MiCollab Audio, Web and Video Conferencing client traffic to the MiCollab Client server (WAN-side FQDN). Note: This setting is for access on standalone MiCollab Client only. Access for the MiCollab version of MiCollab Client is supplied in the MiCollab web-based communications portal.
   MiCollab Unified Messaging	Select to forward NuPoint UM client traffic (web view) to the NuPoint UM server (WAN-side FQDN). Note: This setting is for access on standalone NuPoint UM only. Access for the MiCollab version of NuPoint UM is supplied in the MiCollab web-based communications portal.
   generic MSL admin only	This setting provides access to MSL interface.
   Open Integration Gateway	Select to forward Mitel OIG application web service requests (https: only) to the Mitel OIG server within the enterprise network. The WAN-side FQDN for the OIG server used for the remote Mitel OIG application must match the LAN-side FQDN for the Mitel OIG server within the enterprise network.
   MiCloud Management Portal	This setting provides access to the Mitel MiCloud Management system management and customer self-service application.
   MiContact Center	This setting provides access to the Mitel MiContact Center application.
   MiVoice Call Recording	This setting provides access to the Mitel MiVoice Call Recording application.
   MiVoice Office 400 Self-Service Portal	This setting provides access to the Mitel MiVoice Office 400 platform.
   Note: Only administrative access is available for the MiVoice Business server and the MSL server.

6. To enable administrative access to the LAN server, select Yes in the Do you wish to permit remote administrative access? field.
7. To restrict access to one or more specific network addresses (that is, to allow only these addresses to access the Web Proxy), select Some from the drop down, click add netblock and then enter an address in the Network Address field. Click add netblock again to enter another address.
8. Click Save.

To modify or disable an existing proxy:

1. In the MBG main page, under Remote proxy, click Domain list.
2. On the LAN server proxy list tab, click .
3. Make the required changes (or clear the Enabled check box to disable the proxy) and click Save.

To delete an existing proxy:

1. In the MBG main page, under Remote proxy, click Domain list.

2. On the LAN server proxy list tab, click .

3. Click OK.