SSL Offload
## SSL offloading on UAG
Offloading SSL to an external load balancer is usually good practice: it improves the performance of the DS and UAG servers by sparing them the extra work of encrypting traffic. You also change the public certificate in one place instead of replacing it on each server.
Note: all of the above applies if you have a lot of devices registered in WS1 (more than 2000). For smaller deployments you can usually stay with a much simpler deployment without load balancers.
In case of SSL offloading, you should use one of the scenarios:
This can be used for traffic to the Device Services endpoint only.
Even if you select the SSL offload check box during DS installation, the AWCM endpoint will still use encryption with a self-generated certificate for traffic on port 2001. In this case you need to ensure that the load balancer trusts this certificate (or ignores SSL errors).
❗️All your internal connections to AWCM must go through the load balancer endpoint so that trust works properly.
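Trusting the specific AWCM certificate is the tighter of the two options above. The following added example (not from the original page or from the vendor) checks that the certificate AWCM presents on port 2001 still matches the SHA-256 fingerprint the load balancer was configured to trust. The host name passed to `check_awcm` and the pin value are assumptions you supply, and the sample bytes are constructed.

```python
import hashlib
import hmac
import socket
import ssl

AWCM_PORT = 2001  # port this page names for AWCM traffic


def normalize_pin(pin: str) -> str:
    """Accept 'AA:BB:..', 'aabb..' or spaced forms; return lowercase hex."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin must be a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def matches_pin(der_cert: bytes, pin: str) -> bool:
    """True only if the certificate is exactly the pinned one."""
    return hmac.compare_digest(fingerprint(der_cert), normalize_pin(pin))


def fetch_leaf_der(host: str, port: int = AWCM_PORT, timeout: float = 5.0) -> bytes:
    """Read the certificate the endpoint presents, without chain validation.

    Validation is off only so the self-generated certificate can be read;
    the trust decision is made by matches_pin(), not by this handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_awcm(host: str, pin: str) -> bool:
    """Health check: does AWCM still present the certificate the LB trusts?"""
    return matches_pin(fetch_leaf_der(host), pin)


# Constructed sample: arbitrary bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"
SAMPLE_PIN = ":".join(f"{b:02X}" for b in hashlib.sha256(SAMPLE_DER).digest())
```

A `False` result from `check_awcm` means the AWCM certificate no longer matches the pinned one, so the load balancer's trust configuration needs updating.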
Despite the availability of the SSL offload check box in the SEG and Content setup in the WS1 Console, the UAG server can work only with encrypted HTTP traffic.
SEG:
The UAG does not support any non-encrypted protocols. Therefore, SEG only supports SSL re-encryption (SSL bridging) or SSL pass-through.
Content:
HTTP traffic is not allowed for Content Gateway on port 80 on Unified Access Gateway because TCP port 80 is used by the edge Service Manager.