Cisco Catalyst SD-WAN Control Components and Device Management Guide, Releases 26.x and Later

Configure reverse proxy settings on Cisco SD-WAN Controllers

Describes how to configure reverse proxy settings on Cisco SD-WAN Controllers to enable WAN edge devices to authenticate with the reverse proxy using certificates.


Procedure

1. From the Cisco SD-WAN Manager menu, choose Configure > Devices.

2. Click Controllers.

Note

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.13.1a, the Controllers tab is renamed as the Control Components tab to stay consistent with Cisco Catalyst SD-WAN rebranding.

3. For the desired Cisco SD-WAN Manager instance or Cisco SD-WAN Controller, click and click Add Reverse Proxy.

The Add Reverse Proxy dialog box appears.

4. To map a private IP address and port number to a proxy IP address and port number, do as follows:

  1. Click Add Reverse Proxy.

  2. Enter the following details:

    Private IP

    The private IP address is the IP address of the transport interface in VPN 0.

    Private Port

    This is the port used to establish the connections that handle control and traffic in the overlay network. The default port number is 12346.

    Proxy IP

    Proxy IP address to which the private IP address must be mapped.

    Proxy Port

    Proxy port to which the private port must be mapped.

  3. If the Cisco SD-WAN Manager instance or Cisco SD-WAN Controller has multiple cores, repeat Step 4 a and Step 4 b for each core.

5. To delete a private IP address-port number to proxy IP address-port number mapping, find the mapping and click the trash icon.

6. To save the reverse proxy settings, click Add.

To discard the settings, click Cancel.

7. In the Security feature template attached to the Cisco SD-WAN Manager instance or Cisco SD-WAN Controller, choose TLS as the transport protocol.

After you configure reverse proxy settings on a Cisco SD-WAN Manager instance or a Cisco SD-WAN Controller, WAN edge devices in the overlay network are provisioned with a certificate for authentication with the reverse proxy.

  1. When a reverse proxy is deployed, Cisco SD-WAN Validator shares the details of the reverse proxy with the WAN edge devices.

  2. On learning about the reverse proxy, a WAN edge device initiates the installation of a signed certificate from Cisco SD-WAN Manager.

  3. After the certificate is installed, the WAN edge device uses the certificate for authentication with the reverse proxy and connects to the reverse proxy.
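
A pre-flight check for the mapping table entered in Step 4, written as an added example (not Cisco code or a Cisco API). It confirms there is one mapping per core, that addresses and ports are well formed, and that no two cores share a private or proxy endpoint. The function name, the sample addresses and every port other than the default 12346 are constructed for illustration.

```python
import ipaddress

DEFAULT_PRIVATE_PORT = 12346  # default private port stated in the procedure

# Constructed sample plan for a two-core controller:
# (private_ip, private_port, proxy_ip, proxy_port)
SAMPLE_PLAN = [
    ("10.0.1.10", DEFAULT_PRIVATE_PORT, "203.0.113.20", 23446),
    ("10.0.1.10", 12347, "203.0.113.20", 23447),
]


def validate_mappings(mappings, cores):
    """Return a list of problems in a planned reverse proxy mapping table."""
    problems = []
    if len(mappings) != cores:
        problems.append(
            f"expected {cores} mappings (one per core), got {len(mappings)}")
    seen_private, seen_proxy = set(), set()
    for row, (priv_ip, priv_port, proxy_ip, proxy_port) in enumerate(mappings, 1):
        for label, ip in (("private", priv_ip), ("proxy", proxy_ip)):
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"row {row}: {label} IP {ip!r} is not valid")
        for label, port in (("private", priv_port), ("proxy", proxy_port)):
            if not (isinstance(port, int) and 1 <= port <= 65535):
                problems.append(f"row {row}: {label} port {port!r} is out of range")
        # Each core must have its own private endpoint and its own proxy
        # endpoint; a shared endpoint makes the mapping ambiguous.
        if (priv_ip, priv_port) in seen_private:
            problems.append(f"row {row}: private endpoint already mapped")
        if (proxy_ip, proxy_port) in seen_proxy:
            problems.append(f"row {row}: proxy endpoint already in use")
        seen_private.add((priv_ip, priv_port))
        seen_proxy.add((proxy_ip, proxy_port))
    return problems


if __name__ == "__main__":
    for issue in validate_mappings(SAMPLE_PLAN, cores=2) or ["plan is consistent"]:
        print(issue)
```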