Add the ability to set an alternate relay address

  • updated
  • Considering for Future Release

Our situation:
We have 3 offices in Canada (HQ, A, B)
HQ-A have an MPLS link between them,
HQ-B use VPN over internet.
All locations have independent internet access.

We use access sessions on all systems in all locations, but the relay is located in the HQ.

Current setup:
1 DNS name to the server that resolves to an external IP when outside the local infrastructure and an internal IP when inside the infrastructure.
- This way, systems on our internal network don't use the public internet access; it is more secure and reduces the global bandwidth and load on our front-end firewall.
The issue: if the inter-site link goes down, the access sessions will not be able to connect, as the DNS will still resolve to the internal IP, resulting in disconnection.

Our need: be able to set up 2 URLs for an access session, so that when the 1st is unresponsive the client can try connecting to the second one, with a retest every X to go back to primary.
With this we could set up our clients with an internal URL as primary and an external URL as secondary and still reach our systems if the VPN or MPLS goes down, but not the internet.

Duplicates 3
Have relay traffic listen on two different ports

Partner was having a problem with an access agent connecting to the ScreenConnect server using port 80 for the relay server.

He thought port 80 would be okay on all networks, but some routers handle it differently. He mentioned that having two relay ports it could listen over would help with that situation.


Add failover options for the ScreenConnect server

Add failover options for the ScreenConnect server; partner has a backup ISP and would like ScreenConnect to fail over to the other ISP when the primary one goes down.

Allow ability to have 2 relay URIs

Partner would like the ability to have 2 relay URIs for easier/safer URI migrations, as well as allowing for more disaster recovery situations.

0
Sean Keown

Please make the port adjustable for the second host, i.e. primary relay://domain.com:443, secondary relay://domain.com:80. This would allow us to attempt a connection on port 443 by default and then fail over to port 80 for sites that do packet inspection on 443 and block the relay from connecting.

0
jhardwick

It would be nice to be able to have the IPs from the Cloud tenants pushed out to the clients as well -- so the primary connection can be via DNS, but if for some reason DNS resolution isn't working it could still connect via IP.

I understand that the IPs on the cloud side can change from time to time and that, I believe, as things stand now, the config in question would only be refreshed when the client is installed... so I understand that this might not be as simple a change, but I think it would provide great value.

At a minimum, the ability for the client to try to connect to the last known IP if for some reason DNS isn't working.

0
Gary Herbstman

This should have alternate relays similar to how CW Automate works. We have had several situations where DNS failed and the control clients will not connect. If there was a backup/secondary via an IP address, it would have saved us a lot of grief.

0
Sean Keown

I could be wrong, but connecting via IP sounds dangerous unless your SSL certificate has your IP address inside of it. Otherwise the control agent would have to accept invalid SSL certificates, which could be bad if someone is performing a MITM attack.

0
Gary Herbstman

As far as I know, CWC does not use an SSL cert to communicate with the server. Neither does CWA. They use other methods of authentication.


    0
    Sean Keown

    Good point, I forgot that the control portion is using the relay address and is AES encrypted.  

    0
    Ademar

    Dear Sean Keown, please let me know where I have to make the adjustment you indicate.

    1
    Jeremy Nelson

    Any progress on this?

    0
    Ben
    Quote from Mark Bell

    Here's another application for this feature... My SC server hosts other applications using both IPv4 and IPv6. I would like to be able to provide specific IPv4 and IPv6 addresses for both the relay and web server to listen on. While I understand I could use the "WebServerAlternateListenUri" parameter to specify an IPv6 address, I am currently using that for port 80 so my users can just enter the server's FQDN and not have to type in "https" in the URL when accessing a support session.

    Bro, I want to contact you about the same issue, so how can I contact you?

    
