This guide outlines the steps required to set up an Appian Cloud site to receive inbound HTTPS access over a VPN tunnel and the Internet at the same time. This configuration is intended for customers who need systems within their network to initiate HTTPS requests to Appian Cloud over an IPSec VPN tunnel.
Note: When generating the CA-signed certificate required to set up a custom domain, Appian does not allow the use of SAN or wildcard certificates with sites that are accessed over the VPN tunnel.
Once all prerequisites are completed, contact Appian Support to schedule a maintenance window and enable the site to receive inbound HTTPS traffic over the VPN. Inbound traffic from the Internet is configured in prerequisite "Configure custom domain" outlined above. After the maintenance window is completed, the site(s) will be accessible through the VPN and the Internet.
Note: Sites running on a high availability configuration require additional configuration for connections over the VPN. In this scenario, Appian provides three private IP addresses, and the customer performs the network configuration needed to forward web requests to a healthy web server.
The following diagram illustrates a sample traffic flow when end users and systems access an Appian Cloud site over the Internet and the VPN tunnel at the same time. This diagram assumes a customer-managed DNS server has been set up to resolve to a private IP address or a public CNAME based on the origin of the request.
Note: This is not the only method to meet the prerequisites outlined above, and the implementation details will largely depend on each customer's environment.
Please refer to the diagram above when following the flow description in this table.
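The split-horizon DNS behaviour assumed by the diagram can be checked from both sides once the records are in place. The following is an added example, not part of Appian's documentation: the three private addresses, the CNAME target and the `check_view` helper are constructed for illustration, and the answers are assumed to have been collected separately from an internal resolver and a public one.

```python
import ipaddress

# Constructed values for illustration; the real private addresses come from
# Appian Support and the names from your own DNS zone.
APPIAN_PRIVATE_IPS = {"10.20.0.11", "10.20.0.12", "10.20.0.13"}  # hypothetical

def _as_ip(value):
    """Return an ip_address for IP literals, or None for names (CNAME targets)."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def check_view(view, answers):
    """Validate DNS answers for the custom domain as seen from one side.

    view    -- "vpn" for resolvers inside the customer network,
               "internet" for public resolvers
    answers -- record values returned (A record addresses or a CNAME target)
    Returns a list of findings; an empty list means the view is consistent.
    """
    if view not in ("vpn", "internet"):
        raise ValueError(f"unknown view: {view}")
    if not answers:
        return [f"{view}: no answer returned"]
    findings = []
    for value in answers:
        ip = _as_ip(value)
        if view == "vpn":
            # Internal clients must land on one of the private addresses,
            # otherwise their requests bypass the tunnel.
            if ip is None:
                findings.append(f"vpn: {value} is a name, expected a private address")
            elif str(ip) not in APPIAN_PRIVATE_IPS:
                findings.append(f"vpn: {value} is not one of the expected private addresses")
        else:
            # Public resolvers should only ever see the public CNAME;
            # a private address here leaks internal addressing.
            if ip is not None and (ip.is_private or str(ip) in APPIAN_PRIVATE_IPS):
                findings.append(f"internet: private address {value} visible to public resolvers")
    return findings

if __name__ == "__main__":
    # Constructed sample answers for a hypothetical custom domain.
    print(check_view("vpn", ["10.20.0.11"]))
    print(check_view("internet", ["site.example.net."]))
    print(check_view("internet", ["10.20.0.12"]))
```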
This article applies to all versions of Appian Cloud.
Last Reviewed: September 2019
© 2020 Appian. All rights reserved.