Configuring the Web Rewriting Feature

When intermediating content through the content intermediation engine, it is recommended that the GMT time on both Pulse Connect Secure and the backend Web application server be the same. This prevents any premature expiration of cookies if the Connect Secure system time is later than the Web application server time.

To configure the Web rewriting feature:

1.Create resource profiles that enable access to web sites, create supporting autopolicies (such as single sign-on and Java access control policies) as necessary, include bookmarks that link to the web sites, and assign the policies and bookmarks to user roles using settings in the Web Applications Resource Profiles page (Users > Resource Profiles > Web) of the admin console.

We recommend that the admin use resource profiles to configure Web rewriting (as described above). However, if the admin does not want to use resource profiles, the admin can configure Web rewriting using role and resource policy settings in the following pages of the admin console instead:

Create resource policies that enable access to web sites using settings in the Users > Resource Policies> Web > Web ACL page of the admin console.

As necessary, create supporting resource policies (such as single sign-on and Java access control policies) using settings in the Users > Resource Policies> Select Policy Type pages of the admin console.

Determine which user roles may access the web sites that you want to intermediate, and then enable Web access for those roles through the Users > User Roles > Select Role > General > Overview page of the admin console.

Create bookmarks to your web sites using settings in the Users > User Roles > Select Role > Web > Bookmarks page of the admin console.

As necessary, enable Web general options that correspond to the types of Web content you are intermediating (such as Java) using settings in the Users > User Roles > Select Role > Web > Options page of the admin console.

2.After enabling access to Web applications or sites using Web rewriting resource profiles or roles and resource policies, you can modify general role and resource options in the following pages of the admin console:

(Optional) Set additional Web browsing options (such as allowing users to create their own bookmarks or enabling hostname masking) Users > User Roles > Select Role > Web > Options page of the admin console.

Even if you enable hostname masking, links corresponding to protocols not rewritten by Web rewriting are not obfuscated. For example, ftp://xyz.pulsesecure.net and file://fileshare.pulsesecure.net/filename are not obfuscated. By not obfuscating the hostname, users can still access these resources.

(Optional) Set additional Web options for individual resources (such as enabling Web rewriting to match IP addresses to hostnames) using settings in the Users > Resource Policies> Web > Options page of the admin console.

  • Certain Web rewriting features (such as passthrough proxy and SSO to NTLM resources) require additional configuration. For more information, see the appropriate configuration instructions.
  • If rewriter or passthrough proxy initiates the SSL handshake to the IP instead of hostname of the backend server, then the SNI extension cannot be added to the handshake.