Resolution
Update: The recommended approach is to upgrade to Unified Access Gateway 3.2+
Pre-requisites:
AirWatch Console 9.2+ (and the corresponding Content Gateway and Tunnel releases)
Unified Access Gateway 3.1 (no longer applies to 3.2+)
Note: If using the Tunnel Proxy component and the Content Gateway is configured to use Port 443, the TLS Port Sharing feature must be disabled (this requirement will be relaxed in a future UAG Release).
Pre-configuration Steps:
As a best practice, VMware AirWatch recommends running these steps prior to installing the Unified Access Gateway:
1. Ensure TLS Port Sharing is disabled (more details are available in the UAG Guide).
2. Run the following command to confirm the current state of the IP rules:
iptables -t nat -L
Copy the printout and save it for validation after the next steps.
3. Modify the ipv4-forwardrules file by running the following command:
vi /opt/vmware/gateway/conf/ipv4-forwardrules
Comment out the following lines (this can be done by adding the # character to the beginning of each line):
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 6443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 6443
Below them, add the following rules:
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10443
4. Run the following command to load the modified rules:
iptables-restore /opt/vmware/gateway/conf/ipv4-forwardrules
5. Execute the following command again:
iptables -t nat -L
Compare the results to the original printout; the TCP port 443 rules should now redirect to port 10443 instead of 6443.
6. If you do not see a change in the ports, reboot the server:
reboot now
Once the server is running, run the following commands again:
iptables-restore /opt/vmware/gateway/conf/ipv4-forwardrules
iptables -t nat -L
Here is an example of what the final changes look like:
*nat
:PREROUTING ACCEPT [5:348]
:INPUT ACCEPT [4:270]
:OUTPUT ACCEPT [2:104]
:POSTROUTING ACCEPT [2:104]
-A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 9443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
#-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 6443
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10443
-A OUTPUT -d 127.0.0.1/32 -p udp -m udp --dport 443 -j REDIRECT --to-ports 9443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
#-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 6443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10443
COMMIT
You should now be able to run both services concurrently on the UAG.
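The rule edit and the check described above, as an added shell example that is not part of this KB article or of the UAG product: it rewrites a constructed copy of an ipv4-forwardrules file so that the two active TCP/443 redirects to 6443 are commented out and followed by 10443 redirects, and then verifies the result the way one would check the real file before and after iptables-restore. The sample file contents and the function names retarget_443 and verify_rules are assumptions.

```shell
#!/bin/sh
# Constructed sample of an ipv4-forwardrules file (not taken from a real appliance).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 9443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 6443
-A OUTPUT -d 127.0.0.1/32 -p udp -m udp --dport 443 -j REDIRECT --to-ports 9443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 6443
COMMIT'

# retarget_443 FILE: print FILE with every active TCP/443 REDIRECT to 6443 commented
# out and followed by the same rule pointing at 10443. Already-commented lines and
# 10443 lines pass through untouched, so running it twice does not duplicate rules.
retarget_443() {
  awk '
    /^-A (PREROUTING|OUTPUT) .*-p tcp -m tcp --dport 443 -j REDIRECT --to-ports 6443$/ {
      print "#" $0                                  # keep the old rule, disabled
      sub(/--to-ports 6443$/, "--to-ports 10443")    # new rule directly below it
      print
      next
    }
    { print }
  ' "$1"
}

# verify_rules FILE: succeed only when no active TCP/443 redirect to 6443 remains and
# both the PREROUTING and the OUTPUT redirect to 10443 are present. The same check
# applies to "iptables-save" output, which uses this rule syntax, after the restore.
verify_rules() {
  if grep -q '^-A .*-p tcp -m tcp --dport 443 -j REDIRECT --to-ports 6443$' "$1"; then
    return 1
  fi
  grep -q '^-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10443$' "$1" || return 1
  grep -q '^-A OUTPUT -d 127\.0\.0\.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10443$' "$1" || return 1
}

# Demo on the constructed sample: rewrite it into a temp file and check the result.
rules=$(mktemp); printf '%s\n' "$SAMPLE_RULES" > "$rules"
fixed=$(mktemp); retarget_443 "$rules" > "$fixed"
verify_rules "$fixed" && echo "rules OK: TCP/443 now redirects to 10443"
```

On an appliance the same functions would be pointed at /opt/vmware/gateway/conf/ipv4-forwardrules, with the result written back only after verify_rules passes, followed by the iptables-restore and iptables -t nat -L steps above.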