- 20 Nov 2024
- Print
- PDF
icom Connectivity Suite - VPN - Web Proxies
- Updated on 20 Nov 2024
- Print
- PDF
The icom Connectivity Suite – VPN allows to set up web proxies. Web proxies provide access to a web service that is accessible in the VPN via the HTTP or HTTPS protocol. This allows to access many HTTP(S)-capable devices (e.g. IP cameras) from almost any PC or smartphone with Internet access. Data transmission is carried out encrypted via HTTPS. The device can be accessed via the address shown in the Webproxy call column. Authentication is accomplished using a user name and password combination. The user name is either the name of the web proxy or the serial number of the INSYS router to which the device to be accessed is connected to. The password is the device code of the INSYS router. The default code (configurable in the My VPN Hub tab) is effective, if no device code is configured.
Password authentication can be optionally deactivated. This may be necessary, if a camera requires an HTTP authentication since a two-stage authentication is not possible in one browser session.
It is also possible to establish a persistent connection for full-duplex communication through a WebSocket using the port specified.
Security risk!
The application concerned is accessible via the Internet when using a web proxy.
The encrypted connection is only protected against access by a password. This is either the device code of the INSYS routers or, if the password has been deactivated in the web proxy, the password of your application. Obey the rules for strong passwords. We do not recommend this function for applications that are relevant to security.
Note regarding the user interface!
The web proxies can currently only be configured on the classic user interface. See this note.
Setting up a web proxy
Proceed as follows to set up a web proxy.
Click in the classic UI on the Webproxies tab on Add new webproxy.
Select the Device for which the web proxy is to be set up from all INSYS routers registered with the icom Connectivity Suite - VPN.
Enter a Name that describes the web proxy such clearly that it can be distinguished from other web proxies.
Enter the IP address in VPN, the IP address under which the device is accessed in the VPN.
Check the checkbox The destination uses the HTTPS protocol, if the web proxy is supposed to support TLS-enabled connections between the VPN service and the edge device or application.
Enter the Port that is used to access the device.
Check the checkbox Use webproxy without authentication, if no password shall be required to access the device.
Please note!
This option is blocked due to reasons of security for accounts that exist longer. Please contact our Support to enable this option for your account.
Configure the following Advanced Settings for special use cases. We recommend the default settings unless you understand the effects of changing them.
If the checkbox Additional independent authentication at target device (Form-based-Auth only) is checked, a Form-based authentication on the target device may be used in addition to the authentication by the web proxy.
If the checkbox Proxy WebSocket protocol is checked, a WebSocket connection (ws: or wss:) between the VPN service and the application is possible. We recommend allowing a WebSocket connection when using a web proxy to access INSYS routers running icom OS 5.5 and above, for example.
It is possible to select the Web Proxy HTTP protocol version under Select protocol version. HTTP/1.1 is recommended for new web proxies. If required, use HTTP/1.0 to support communication with legacy web proxies.
If the checkbox CORS enabled is checked, Cross-Origin Resource Sharing is permitted, i.e. the client is permitted to make script requests to a server of a different domain, which is usually prohibited by the Same Origin Policy (SOP).
If the checkbox Accept-Encoding without compression is checked, further compression of transmitted content is not performed.
Click on OK to save your settings.
Security risk!
The application concerned is accessible via the Internet without protection by the icom Connectivity Suite – VPN upon deactivation of the authentication.
Security can only be provided by the application itself. A regular check of the application for security vulnerabilities is strictly recommended therefore. We do not recommend this function for applications that are relevant to security.
Managing the web proxies
The Webproxies tab shows a list of the existing web proxies. The web proxies can be managed here. Moreover, the scope and the validity period of the licences is indicated as well as the device to which they are assigned to.
The Copy button can be used to add another web proxy in which the parameters in the window are already preset with those of the copied web proxy. Adjusting these parameters allows a quick adding of similar web proxies.
The Delete button can be used to delete this web proxy.
The Manage button can be used to edit the settings of this web proxy.
The name of this web proxy is indicated in the Name column.
The Webproxy call column indicates the address that can be used to access the application behind the device without VPN access.
The IP in VPN column indicates the IP address under which the device is accessed in the VPN.
The Port column indicates the port that is used to access the device.
The Device column indicates the device in the VPN that is used to access the application.
An open lock appears in the last column, if this web proxy is configured for an access without password.