KB Article #156066
Configure HAProxy to redirect HTTPS to local ports
Problem
--Appliances
--Default ports (range 8090-8094) are not open at the network/firewall level
--No feasible way to open port
Resolution
*Redirection is needed at the application level.
*Usually, the HTTPS (443) or HTTP (80) ports are open and can be used.
1. Open an SSH session to the appliance
2. Navigate to the following directory
    /usr/platform/etc
3. Copy the default HAProxy config file to a backup file
    cp haproxy.cfg haproxy.cfg.default
4. Edit haproxy.cfg with your favorite editor (vi) so that it looks like this for HTTPS
    global
        daemon
        nbproc 4                  # number of HAProxy processes
    defaults
        clitimeout 60000          # client inactivity timeout (ms)
        srvtimeout 30000          # server inactivity timeout (ms)
        contimeout 4000           # connect timeout (ms)
    listen lb :443
        mode tcp                  # TCP pass-through, the backend terminates TLS
        option ssl-hello-chk      # health check using an SSL client hello
        balance roundrobin        # Load Balancing algorithm
        ## Define your servers to balance (server names must be unique)
        server ftdirect-host1-8090 ftd-hostname:8090 check
        server ftdirect-host1-8091 ftd-hostname:8091 check
        server ftdirect-host1-8092 ftd-hostname:8092 check
        server ftdirect-host1-8093 ftd-hostname:8093 check
        server ftdirect-host1-8094 ftd-hostname:8094 check
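and like this for HTTP
    global
        daemon
        nbproc 4                  # number of HAProxy processes
    defaults
        clitimeout 60000          # client inactivity timeout (ms)
        srvtimeout 30000          # server inactivity timeout (ms)
        contimeout 4000           # connect timeout (ms)
    listen lb :80
        mode http                 # HAProxy parses the HTTP traffic
        option httpclose          # close the connection after each response
        balance roundrobin        # Load Balancing algorithm
        ## Define your servers to balance (server names must be unique)
        server ftdirect-host1-8090 apollo:8090 check
        server ftdirect-host1-8091 apollo:8091 check
        server ftdirect-host1-8092 apollo:8092 check
        server ftdirect-host1-8093 apollo:8093 check
        server ftdirect-host1-8094 apollo:8094 check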
5. Set up HTTP or HTTPS from the FTD Web UI (webtop)
6. Use console-menu.sh to enable and start HAProxy
    /usr/platform/scripts/console-menu.sh
    C for Configuration
    P for HAProxy Configuration
    E for Enable HAProxy Server
    S for Start HAProxy server
7. Reload the browser; it should now use HTTPS or HTTP as configured in haproxy.cfg above.
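
A pre-flight check for the file edited in step 4, to run before HAProxy is started in step 6. This is an added example, not part of the KB article or the appliance's own tooling; the function names lint_haproxy_cfg and sample_cfg, the constructed sample config, and the assumption that every backend port must fall in 8090-8094 are illustrative.

```shell
# lint_haproxy_cfg FILE: prints one finding per line, returns 1 if any, else 0.
lint_haproxy_cfg() {
    awk '
    { sub(/#.*/, "") }                        # drop comments
    NF == 0 { next }
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
        n++; sect[n] = $1 " " $2; next        # a new section begins
    }
    $1 == "mode"   { mode[n] = $2 }
    $1 == "option" { opt[n, $2] = 1 }
    $1 == "server" {
        # Server names should be unique inside one section.
        if (seen[n, $2]++) { print sect[n] ": duplicate server name " $2; bad = 1 }
        # Assumption: backends use the default range 8090-8094 from the article.
        port = $3; sub(/^.*:/, "", port); port += 0
        if (port < 8090 || port > 8094) {
            print sect[n] ": " $2 " targets port " port ", outside 8090-8094"; bad = 1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            # Catch options copied over from the other variant of the config.
            if (mode[i] == "tcp" && ((i, "httpclose") in opt)) {
                print sect[i] ": option httpclose has no effect in mode tcp"; bad = 1
            }
            if (mode[i] == "http" && ((i, "ssl-hello-chk") in opt)) {
                print sect[i] ": ssl-hello-chk sends a TLS hello, mode http expects plain HTTP"; bad = 1
            }
        }
        exit bad
    }' "$1"
}

# Constructed sample: the HTTPS variant with two servers sharing one name.
sample_cfg() {
    cat <<'EOF'
listen lb :443
    mode tcp
    option ssl-hello-chk
    balance roundrobin
    server ftdirect-host1 ftd-hostname:8090 check
    server ftdirect-host1 ftd-hostname:8091 check
EOF
}

cfg=$(mktemp) && sample_cfg > "$cfg"
lint_haproxy_cfg "$cfg" || echo "fix the findings above before starting HAProxy"
rm -f "$cfg"
```

HAProxy's own parser can also validate the file with haproxy -c -f /usr/platform/etc/haproxy.cfg, provided the binary is on the appliance's PATH.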