Configuring external network access to ASM
You can configure ASM so users on a public network can access Self Service Portal and the ASM app without needing to log into the corporate network.
Depending on organizational security requirements, the recommended environment and security configurations may differ. The most common security recommendation is to create a demilitarized zone (DMZ) containing a reverse proxy server buffered by firewalls.
Work with your Network Administration teams to configure reverse proxy servers, DMZ, and IIS redirection.
We outline three DMZ scenarios, based on whether or not Windows Authentication is enabled on the ASM System within the secure network:
DMZ with a web server where ASM Core is installed. The ASM System within the secure network may / may not have Windows Authentication enabled.
For more information, see Option 1: Install a second ASM System on a web server in the DMZ.
DMZ with a reverse proxy server. The ASM System within the secure network has Windows Authentication disabled.
For more information, see Option 2: Set up a Reverse Proxy Server in the DMZ, Authentication Disabled.
DMZ with a reverse proxy server. The ASM System within the secure network has Windows Authentication enabled.
For more information, see Option 3: Set up a Reverse Proxy Server in the DMZ, Authentication Enabled.
