Symantec Access Management

Let me explain my setup. I have 3 servers, server1 (IIS Web Server), server2 (CA SSO 12.7 Components), server3(Access Gateway). Now, I want to protect the website hosted on server1 using Access Gateway's embedded webagent. How should I do this? I do not want install an agent on server1. Can anyone explain the flow to me? or point me to some good detailed article because I am unable to find anything which details in step.

I have created a virtual host on AG Proxy UI for server1. Also, created an access policy(for IIS web application) on CA SSO Admin UI and assigned AG's default agent to it. Restarted the AG services, but still my resources of server1 are not protected. Am I missing something here?

How are you accessing the resources of server1 ? directly or via Access Gateway ?

You need to access resource via AG.

For e.g say your resource in IIS server 1 is /test/

Instead of accessing it as http://server1/test, you will need to access it via AG virtual host say http://AGServer1/test/

when you do this, the agent on the AG performs the user authentication and authroization. Once Auth/AZ is complete it will then redirect the request to the backend server (IIS) .. 

You will also need to create the matching proxyrules (in proxyrules.xml) to have the request forwarded to the correct backend.