Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Configuring the Deployment Options

Configuring the Proxy Settings

Procedure: To Configure the Proxy Settings

  1. Log on to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Deployment tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

     

    Use Proxy 

    Select the Use Proxy checkbox to enable the usage of web proxies. 

     

    Webproxy URLs 

    Enter the required URL in the Use Webproxy URLs edit box in the format http://hostname.subdomain.com, and then click Add.

    The URL is added to the Use Webproxy URLs list. 

    You can specify that the Gateway needs to contact certain URLs only through the webproxies listed in the Proxies for Domains and Subdomains list, even if the Use Proxy option is disabled. You need to specify these URLs in the Use Webproxy URLs field. See Specifying a Proxy to Contact Access Manager for details on how this value affects the usage of proxies.

    Proxies for Domains and Subdomains 

    The entry is added to the Proxies for Domains and Subdomains list box. 

    The format for entering the proxy information is as follows: 


    domainname proxy1:port1|subdomain1 proxy2:port2|subdomain2 proxy3:port3|* proxy4:port4

    * indicates that the proxy defined after the * needs to be used for all domains and subdomains other than those specifically mentioned. 

    If you do not specify the port for the proxy, port 8080 is used by default. 

    See Specifying a Proxy to Contact Access Manager for details on how the proxy information is applied to various hosts.

    Proxy Password List 

    In the Proxy Password List field, enter the information for each proxy server, and then click Add. 

    The format for entering the proxy information is as follows: 

    proxyserver|username|password

    The proxyserver corresponds to the proxy server defined in the Proxies for Domains and Subdomains list.

    If a proxy server requires authentication to access some or all of the sites, specify the user name and password that the Gateway needs to authenticate to that proxy server.

    Automatic Proxy Configuration support 

    Select the Enable Automatic Proxy Configuration Support checkbox to enable PAC support. 

    If you select the option Enable Automatic Proxy Configuration, the information provided in the Proxies for Domains and Subdomains field is ignored. The Gateway uses the Proxy Automatic Configuration (PAC) file only for intranet configuration. See Using Automatic Proxy Configuration for information on PAC files.

    Automatic Proxy Configuration File location 

    In the Location field, enter the name and location of the PAC file.
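
The Proxies for Domains and Subdomains and Proxy Password List formats above can be checked before they are entered in the console. The following Python code is an added example, not part of the original guide or the product: it parses a domain entry, applies the default port 8080, and reports password-list entries whose proxyserver matches no defined proxy. The function names, the sample values, matching proxyserver by host name only, and allowing `|` inside the password are assumptions.

```python
# Added example: parser/validator for the two entry formats described above.
DEFAULT_PROXY_PORT = 8080  # per the guide: used when no port is specified


def parse_proxy(spec):
    """Split 'host[:port]' and apply the documented default port."""
    host, sep, port = spec.partition(":")
    port = int(port) if sep else DEFAULT_PROXY_PORT  # non-numeric port raises ValueError
    if not host or not 1 <= port <= 65535:
        raise ValueError(f"bad proxy spec: {spec!r}")
    return host, port


def parse_domain_entry(entry):
    """Parse 'domain proxy|sub proxy|* proxy' into {name: (host, port)}."""
    rules = {}
    for segment in entry.split("|"):
        fields = segment.split()
        if len(fields) != 2:
            raise ValueError(f"expected 'name proxy[:port]', got {segment!r}")
        name, proxy = fields
        if name in rules:
            raise ValueError(f"duplicate rule for {name!r}")
        rules[name] = parse_proxy(proxy)
    return rules


def parse_password_entry(entry):
    """Parse 'proxyserver|username|password'; password may contain '|' (assumption)."""
    fields = entry.split("|", 2)
    if len(fields) != 3 or not all(fields):
        raise ValueError("expected proxyserver|username|password")
    return tuple(fields)


def unmatched_password_entries(domain_entries, password_entries):
    """Return proxyserver names in the password list that no domain rule defines."""
    defined = {host for e in domain_entries for host, _ in parse_domain_entry(e).values()}
    # Assumption: proxyserver is compared by host name, ignoring any ':port'.
    return [server for server, _, _ in map(parse_password_entry, password_entries)
            if server.partition(":")[0] not in defined]


# Constructed sample values (not from the guide).
SAMPLE_DOMAINS = ["example.com px1.example.com:3128|eng px2.example.com|* px3.example.com:8888"]
SAMPLE_PASSWORDS = ["px2.example.com|gwuser|s3cr|et", "oldproxy.example.com|gwuser|x"]

if __name__ == "__main__":
    print(parse_domain_entry(SAMPLE_DOMAINS[0]))
    print(unmatched_password_entries(SAMPLE_DOMAINS, SAMPLE_PASSWORDS))
```

An unmatched entry is a stored credential that no proxy rule uses; correct the proxy name or remove the entry.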

     

Configuring the Rewriter Proxy and Netlet Proxy

About NetLet Proxy

The Netlet proxy enhances the security of Netlet traffic between the Gateway and the intranet by extending the secure tunnel from the client, through the Gateway, to the Netlet proxy that resides in the intranet. If the Netlet proxy is enabled, the Netlet packets are decrypted by the Netlet proxy and then sent to the destination server. This reduces the number of ports that must be opened in the firewall.

About Rewriter Proxy

The Rewriter proxy enables secure HTTP traffic between the Gateway and the intranet. If you do not specify a Rewriter proxy, the Gateway component makes a direct connection to the intranet when a user tries to access a machine on the intranet. The Rewriter proxy does not run automatically after installation. You need to enable the Rewriter proxy as described below.

Procedure: To Configure the Rewriter Proxy and Netlet Proxy

  1. Log on to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.


    Note –

    Ensure that the Rewriter proxy and the Gateway use the same gateway profile.


  3. Select the Deployment tab.

  4. Modify the following attributes:

    Attribute Name 

    Description 

    Rewriter Proxy 

    Select the Rewriter Proxy checkbox to enable the Rewriter proxy service. 

    Rewriter Proxy List 

    1. Enter the host and port in the Rewriter Proxies edit box, in the format hostname:port.


      Tip –

      To determine if the port desired is available and unused, from the command line, enter:

      netstat -a | grep port-number | wc -l

      port-number is the required port.


    2. Click Add.

    Netlet Proxy 

    Select the Enable Netlet Proxy checkbox to enable the Netlet proxy service. 

    Netlet Proxy Hosts 

    1. Enter the Netlet proxy host and port in the Netlet Proxy Hosts field, in the format hostname:port.


      Tip –

      To determine if the port desired is available and unused, from the command line, enter:

      netstat -a | grep port-number | wc -l

      port-number is the required port.


    2. Click Add.

    Netlet Tunneling via Web Proxy 

    Select the Enable Netlet Tunneling via Web Proxy checkbox to enable tunneling. 

  5. Run portal-server-install-root/SUNWportal/bin/certadmin on the server to create a certificate for the Rewriter proxy.

    You need to do this step only if you have not chosen to create a certificate while installing the Rewriter proxy.

  6. Log in as root to the machine where the Rewriter proxy is installed and start the Rewriter proxy:


    rewriter-proxy-install-root/SUNWportal/bin/rwproxyd -n gateway-profile-name start

  7. Log in as root to the machine where the Gateway is installed and restart the Gateway:


    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway