Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Appendix A Configuration Attributes

This appendix describes attributes that you can configure for Sun Java System Portal Server Secure Remote Access through the Portal Server administration console for each Portal Server Secure Remote Access component:

Access Control Service

Access Control Service lists the Access Control service attributes.

Table A–1 Access Control Service Attributes

Denied URLs
    Default Value: (none)
    List of URLs that end-users cannot access through Gateway.

Allowed URLs
    Default Value: (none)
    List of URLs that end-users can access through Gateway.

Single Sign On Disabled Hosts
    Default Value: (none)
    Disables single sign-on for a list of hosts.

Enable Single Sign On per Session
    Default Value: (none)
    Enables single sign-on for a session.

Allowed Authorization Levels
    Default Value: (none)
    Indicates how much to trust an authentication. Use an asterisk to allow all authentication levels. For information on authentication levels, see the Access Manager Administration Guide.

Gateway Service

When you click the Gateway service, the right pane displays a button to create a new profile and a list of any gateway profiles that have been created.

If you click New, the next pane prompts you to enter the new gateway profile name. You have the option to use the default template or a previously created gateway profile as the template.

If you click one of the listed gateway profile names, a list of tabs is presented. They are:

Core

Core lists the Gateway service core attributes.

Table A–2 Gateway Service Core Attributes

Enable HTTPS Connections
    Default Value: (none)
    Enables HTTPS connections.

HTTPS Port
    Default Value: 443
    Specifies the HTTPS port.

Enable HTTP Connections
    Default Value: (none)
    Enables HTTP connections.

HTTP Port
    Default Value: 80
    Specifies the HTTP port.

Enable Rewriter Proxy
    Default Value: (none)
    Enables secure HTTP traffic between Gateway and the intranet. Rewriter proxy and Gateway use the same gateway profile.

Rewriter Proxy List
    Default Value: (none)
    List of Rewriter proxies. For multiple instances of Rewriter proxies, enter the details for each in the form host-name:port.

Enable Netlet
    Default Value: Checked
    Enables security for TCP/IP applications (such as Telnet and SMTP), HTTP applications, and fixed-port applications.

Enable Proxylet
    Default Value: Checked
    Enables the download of Proxylet on a client machine.

Enable Netlet Proxy
    Default Value: (none)
    Enhances security for Netlet traffic between Gateway and the intranet by extending the secure tunnel from the client, through Gateway, to the Netlet proxy residing on the intranet. Disable this option if you do not want to use applications with Portal Server.

Netlet Proxy Hosts
    Default Value: (none)
    Lists Netlet proxy hosts, in the format hostname:port.

Enable Cookie Management
    Default Value: (none)
    Tracks and manages user sessions for all web sites that the user is permitted to access. (Does not apply to the cookies used by Portal Server to track Portal Server user sessions.)

Enable Persistent HTTP Connections
    Default Value: Checked
    Enables HTTP persistent connections at Gateway, so that a socket is not opened for every object (such as images and style sheets) in a web page.

Maximum Number of Requests per Persistent Connection
    Default Value: 10
    Specifies the number of requests per persistent connection.

Timeout for Persistent Socket Connections
    Default Value: 50
    Specifies the amount of time that must elapse before sockets are closed.

Grace Timeout to Account for Turnaround Time
    Default Value: 20
    Specifies the grace period allowed for a request to reach Gateway after the browser has sent it, and for the response to reach the browser after Gateway has sent it.

URLs to which User Session Cookie is Forwarded
    Default Value: (none)
    Enables servlets and CGIs to receive Portal Server's cookie and use the APIs to identify the user.

Maximum Connection Queue Length
    Default Value: 50
    Specifies the maximum number of concurrent connections that Gateway can accept.

Gateway Timeout (seconds)
    Default Value: 120
    Specifies the time interval in seconds before Gateway times out its connection with the browser.

Maximum Thread Pool Size
    Default Value: 200
    Specifies the maximum number of threads that can be pre-created in the Gateway thread pool.

Cached Socket Timeout
    Default Value: 200
    Specifies the time interval in seconds before Gateway times out its connection with Portal Server.

Portal Servers
    Default Value: (none)
    Specifies Portal Servers in the format http://portal-server-name:port-number. Gateway tries to contact each of the Portal Servers listed in a round-robin manner to service the requests.

Server Retry Interval (seconds)
    Default Value: 120
    Specifies the time interval between attempts to reach Portal Server, Rewriter proxy, or Netlet proxy after it becomes unavailable (for example, after a crash or after it was brought down).

Store External Server Cookies
    Default Value: (none)
    Allows Gateway to store and manage cookies for any third-party application or server that is accessed through Gateway.

Obtain Session Information from URL
    Default Value: (none)
    Encodes session information as part of the URL, whether or not cookies are supported. Gateway uses the session information found in the URL for validation, rather than the session cookie sent from the client's browser.

Proxies

Proxies lists the Gateway service proxies attributes.

Table A–3 Gateway Service Proxies Attributes

Use Proxy
    Default Value: (none)
    Enables the use of web proxies.

Use Webproxy URLs
    Default Value: (none)
    Lists the URLs that Gateway must contact only through the web proxies listed in the Proxies for Domains and Subdomains list, even if the Use Proxy option is disabled.

Do Not Use Webproxy URLs
    Default Value: (none)
    Lists URLs that Gateway can connect to directly.

Proxies for Domains and Subdomains
    Default Value:
        iportal.com
        sun.com
    Specifies which proxy to use to contact specific subdomains in specific domains.

Proxy Password List
    Default Value: (none)
    Specifies the server name, user name, and password required for Gateway to authenticate to a specified proxy server, if the proxy server requires authentication to access some or all of the sites.

Enable Automatic Proxy Configuration Support
    Default Value: (none)
    Specifies that the information provided in the Proxies for Domains and Subdomains field is to be ignored.

Automatic Proxy Configuration File location
    Default Value: (none)
    Specifies the location of the files to be used for PAC support.

Enable Netlet Tunneling via Web Proxy
    Default Value: (none)
    Extends the secure tunnel from the client, through Gateway, to the web proxy that resides in the intranet.

Security

Security lists the Gateway service security attributes.

Table A–4 Gateway Service Security Attributes

Enable HTTP Basic Authentication
    Default Value: Checked
    Saves the username and password so that users need not re-enter their credentials when they revisit BASIC-protected web sites.

Non-authenticated URLs
    Default Value:
        /portal/desktop/images
        /amserver/login_images
        /portal/desktop/css
        /amserver/jss
        /amconsole/console/css
        /portal/searchadmin/console/js
        /amconsole/console/js
        /amserver/css
    Specifies URLs that do not need any authentication, such as directories that contain images.

Certificate-enabled Gateway hosts
    Default Value: (none)
    Lists the certificate-enabled Gateway hosts.

Allow 40-bit Encryption
    Default Value: (none)
    Allows 40-bit (weak) Secure Sockets Layer (SSL) connections. If you do not select this option, only 128-bit connections are supported.

Enable SSL Version 2.0
    Default Value: Checked
    Enables SSL version 2.0. Disabling SSL 2.0 means that browsers that support only the older SSL 2.0 cannot authenticate to SRA. This ensures a greater level of security.

Enable SSL Cipher Selection
    Default Value: (none)
    Enables SSL cipher selection. You have the option to support all the pre-packaged ciphers, or you can select the required ciphers individually. You can select specific SSL ciphers for each Gateway instance.

SSL2 Ciphers
    Default Value: (none)
    Lists the SSL version 2 ciphers you can choose.

SSL3 Ciphers
    Default Value: (none)
    Lists the SSL version 3 ciphers you can choose.

TLS Ciphers
    Default Value: (none)
    Lists the TLS ciphers.

Enable SSL Version 3.0
    Default Value: Checked
    Enables SSL version 3.0. Disabling SSL 3.0 means that browsers that support only SSL 3.0 cannot authenticate to SRA. This ensures a greater level of security.

Enable Null Ciphers
    Default Value: (none)
    Enables null ciphers.

Trusted SSL Domains
    Default Value: (none)
    Lists the trusted SSL domains.

Mark Cookies as secure
    Default Value: (none)
    Marks cookies as secure. The Enable Cookie Management option must be enabled.
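
The security attributes above are individually simple, but an administrator reviewing many gateway profiles wants the weak combinations surfaced automatically. The following audit is an added example written for this page, not code from the product: it models a profile as a dictionary keyed by the attribute names in Table A–4 (plus Enable Cookie Management from Table A–2, because Mark Cookies as secure depends on it), flags the settings the table itself describes as weak or ineffective, and produces a hardened copy. The default profile values are the ones listed in the table; the weak profile is constructed for the demonstration.

```python
"""Audit a Gateway profile's Table A-4 security attributes for weak choices."""
from typing import Dict, List, Mapping

Profile = Mapping[str, object]

# Checkbox attributes from Table A-4 that weaken the TLS configuration when checked.
# The reasons paraphrase the table: 40-bit SSL is "weak", and disabling SSL 2.0/3.0
# "ensures a greater level of security"; null ciphers send application data unencrypted.
WEAK_WHEN_CHECKED = {
    "Allow 40-bit Encryption":
        "40-bit SSL is weak; leave it unchecked so that only 128-bit connections are accepted",
    "Enable SSL Version 2.0":
        "SSL 2.0 is obsolete; disabling it affects only browsers that support nothing newer",
    "Enable SSL Version 3.0":
        "SSL 3.0 is obsolete; disabling it affects only browsers that support nothing newer",
    "Enable Null Ciphers":
        "null ciphers authenticate the peer but carry application data unencrypted",
}

# Table A-4 default values. Blank checkboxes in the table are modelled as False.
DEFAULT_SECURITY_PROFILE: Dict[str, object] = {
    "Enable HTTP Basic Authentication": True,
    "Allow 40-bit Encryption": False,
    "Enable SSL Version 2.0": True,
    "Enable SSL Version 3.0": True,
    "Enable SSL Cipher Selection": False,
    "Enable Null Ciphers": False,
    "Mark Cookies as secure": False,
    # From Table A-2 (Core); it gates "Mark Cookies as secure".
    "Enable Cookie Management": False,
}


def audit_gateway_security(profile: Profile) -> List[str]:
    """Return one finding per weak or inconsistent setting; empty means nothing to report."""
    findings: List[str] = []
    for attribute, reason in WEAK_WHEN_CHECKED.items():
        if profile.get(attribute) is True:
            findings.append(f"{attribute} is checked: {reason}")

    cookie_mgmt = profile.get("Enable Cookie Management") is True
    secure_cookies = profile.get("Mark Cookies as secure") is True
    if cookie_mgmt and not secure_cookies:
        # Without the Secure flag a browser will also send the managed cookies over plain HTTP.
        findings.append("Enable Cookie Management is checked but Mark Cookies as secure is not: "
                        "managed cookies can be sent over unencrypted connections")
    if secure_cookies and not cookie_mgmt:
        # Table A-4: Enable Cookie Management must be enabled for this option to apply.
        findings.append("Mark Cookies as secure has no effect unless Enable Cookie Management is also checked")
    return findings


def harden(profile: Profile) -> Dict[str, object]:
    """Copy the profile with every WEAK_WHEN_CHECKED attribute cleared and, when cookie
    management is on, cookies marked secure. Other attributes are left untouched."""
    hardened = dict(profile)
    for attribute in WEAK_WHEN_CHECKED:
        hardened[attribute] = False
    if hardened.get("Enable Cookie Management") is True:
        hardened["Mark Cookies as secure"] = True
    return hardened


if __name__ == "__main__":
    # Constructed sample: an administrator turned on cookie management and weak ciphers.
    weak_profile = dict(DEFAULT_SECURITY_PROFILE, **{
        "Allow 40-bit Encryption": True,
        "Enable Null Ciphers": True,
        "Enable Cookie Management": True,
    })
    for finding in audit_gateway_security(weak_profile):
        print("WARN", finding)
    print("after hardening:", audit_gateway_security(harden(weak_profile)))
```

Run against the table's own defaults, the audit reports only the two SSL version checkboxes, which is exactly the trade-off the table describes: clearing them locks out browsers that support nothing newer, so the hardened copy should be rolled out only after checking the client population.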

Rewriter

The Rewriter tab has two subsections:

Basic

Basic lists the Gateway service Rewriter basic attributes.

Table A–5 Gateway Service Rewriter Attributes - Basic

Enable Rewriting of All URIs
    Default Value: (none)
    Specifies that any URI is rewritten without checking against the entries in the Proxies for Domains and Subdomains list.

Map URIs to RuleSets
    Default Value:
        *://*.iportal.com*/portal/*|default_gateway_ruleset
        */portal/NetFileOpenFileServlet*|null_ruleset
        *|generic_ruleset
        REPLACE_WITH_IPLANET_MAIL_SERVER_NAME|iplanet_mail_ruleset
        REPLACE_WITH_EXCHANGE_SERVER_NAME|exchange_2000sp3_owa_ruleset
        *://*.iportal.com*/amconsole/*|default_gateway_ruleset
        REPLACE_WITH_INOTES_SERVER_NAME|inotes_ruleset
        http*://*/portal/NetFileController*|null_ruleset
    Associates a domain with a ruleset using the Map URIs to RuleSets list. Rulesets are created under Portal Server Configuration in the Access Manager administration console.

Map Parser to MIME Types
    Default Value:
        JAVASCRIPT=application/x-java
        XML=text/xml
        HTML=text/html;text/htm;text/x-component;text/wml;text/vnd.wap.wml
        CSS=text/css
    Associates new MIME types with the HTML, JAVASCRIPT, CSS, or XML parser. Separate multiple entries with a semicolon or a comma.

URIs Not to Rewrite
    Default Value: (none)
    Lists the URIs not to rewrite. Note: Adding #* to this list allows URIs to be rewritten, even when the href rule is part of the ruleset.

Default Domains
    Default Value: (none)
    Resolves a host name to a default domain and subdomain. This is specified during installation.

Advanced

Advanced lists the Gateway service Rewriter advanced attributes.

Table A–6 Gateway Service Rewriter Attributes - Advanced

Enable MIME Guessing
    Default Value: (none)
    Enables MIME guessing when the MIME type is not sent. You must add data to the Map Parser to URI Mappings list box.

Map Parser to URI Mappings
    Default Value: (none)
    Maps a parser to the URI. Multiple URIs are separated by a semicolon. For example, HTML=*.html; *.htm;*Servlet means that Rewriter is used to rewrite the content of any page with an html, htm, or Servlet extension.

Enable Masking
    Default Value: (none)
    Allows Rewriter to rewrite a URI so that the intranet URL of a page is not seen.

Seed String for Masking
    Default Value: (none)
    Specifies a seed string used for masking a URI. A masking algorithm generates this random string.

URIs not to Mask
    Default Value: (none)
    Specifies Internet URIs that are not to be masked. This is used when applications (such as an applet) require an Internet URI. For example, if you add */Applet/Param* to the list box, the URL is not masked if the content URI http://abc.com/Applet/Param1.html is matched in the ruleset rule.

Make Gateway protocol Same as Original URI Protocol
    Default Value: (none)
    Enables Rewriter to use a consistent protocol to access the resources referred to in the HTML content. This applies only to static URIs, not to dynamic URIs generated in JavaScript.
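
Tables A–5 and A–6 together define how Rewriter decides which parser, if any, handles a response: the Content-Type header is looked up in Map Parser to MIME Types, and only when no MIME type was sent does Enable MIME Guessing fall back to the glob patterns in Map Parser to URI Mappings. The following Python is an added example written for this page, not the product's own code. The MIME type entries are the defaults from Table A–5 and the first URI mapping is the example from Table A–6; the JAVASCRIPT URI mapping, the sample responses, and the assumption that the patterns are shell-style globs matched against the whole URI are constructed for the illustration.

```python
"""Select the Rewriter parser for a response, following Tables A-5 and A-6."""
import fnmatch
from typing import Dict, List, Optional

# Default value of "Map Parser to MIME Types" (Table A-5).
MAP_PARSER_TO_MIME_TYPES = [
    "JAVASCRIPT=application/x-java",
    "XML=text/xml",
    "HTML=text/html;text/htm;text/x-component;text/wml;text/vnd.wap.wml",
    "CSS=text/css",
]

# "Map Parser to URI Mappings": the first entry is the example from Table A-6,
# the second is a constructed entry added for this illustration.
MAP_PARSER_TO_URI_MAPPINGS = [
    "HTML=*.html; *.htm;*Servlet",
    "JAVASCRIPT=*.js",
]


def parse_mapping(entries: List[str]) -> Dict[str, List[str]]:
    """Split 'PARSER=value;value' entries into {parser: [values]}.

    Table A-5 allows a semicolon or a comma between MIME types; the URI list
    in Table A-6 uses semicolons. Both separators are accepted here."""
    mapping: Dict[str, List[str]] = {}
    for entry in entries:
        parser, _, values = entry.partition("=")
        parser = parser.strip().upper()
        if not parser or not values.strip():
            raise ValueError(f"malformed mapping entry: {entry!r}")
        for value in values.replace(",", ";").split(";"):
            value = value.strip()
            if value:
                mapping.setdefault(parser, []).append(value)
    return mapping


def mime_type_to_parser(entries: List[str]) -> Dict[str, str]:
    """Invert the parser->MIME list into a lower-cased MIME->parser lookup."""
    lookup: Dict[str, str] = {}
    for parser, mime_types in parse_mapping(entries).items():
        for mime in mime_types:
            lookup[mime.lower()] = parser
    return lookup


def select_parser(content_type: Optional[str], uri: str, mime_guessing_enabled: bool,
                  mime_entries: List[str] = MAP_PARSER_TO_MIME_TYPES,
                  uri_entries: List[str] = MAP_PARSER_TO_URI_MAPPINGS) -> Optional[str]:
    """Return HTML, JAVASCRIPT, CSS or XML, or None when the content is passed through.

    1. A Content-Type header is authoritative: its parameters (for example
       '; charset=UTF-8') are dropped and the bare type is looked up.
    2. Only when no MIME type was sent and Enable MIME Guessing is checked is
       the URI matched against Map Parser to URI Mappings (assumed here to be
       shell-style globs applied to the whole URI, as in the table's '*.html')."""
    if content_type:
        mime = content_type.split(";", 1)[0].strip().lower()
        return mime_type_to_parser(mime_entries).get(mime)
    if not mime_guessing_enabled:
        return None
    for parser, patterns in parse_mapping(uri_entries).items():
        if any(fnmatch.fnmatchcase(uri, pattern) for pattern in patterns):
            return parser
    return None


if __name__ == "__main__":
    # Constructed sample responses: (Content-Type header or None, request URI).
    samples = [
        ("text/html; charset=UTF-8", "http://intranet.example/index.jsp"),
        (None, "http://intranet.example/app/ReportServlet"),
        (None, "http://intranet.example/static/page.htm"),
        ("image/png", "http://intranet.example/logo.png"),
    ]
    for content_type, uri in samples:
        print(f"{uri}: {select_parser(content_type, uri, mime_guessing_enabled=True)}")
```

The ordering matters for the edge case the Advanced table calls out: a response that arrives with no Content-Type is left untouched unless Enable MIME Guessing is checked and the URI list is populated, which is why the table says both must be configured together.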

NetFile Service

When you click the NetFile Service, the right pane displays tabs. They are:

Hosts

The Hosts tab has two subsections:

Config

Config lists the NetFile hosts configuration attributes.

Table A–7 NetFile Service Hosts Configuration Attributes

OS Character Set
    Default Value: Unicode(UTF-8)
    Specifies the character set used as the default encoding for communicating with hosts.

Host Detection Order
    Default Value: WIN, NETWARE, FTP, NFS
    Specifies the host detection order.

Common Hosts
    Default Value: (none)
    Specifies hosts to be available through NetFile to all remote NetFile users.

Default Domain
    Default Value: (none)
    Specifies the default domain that NetFile uses to contact allowed hosts.

Default Microsoft Windows Domain/Workgroup
    Default Value: (none)
    Specifies the default Microsoft Windows domain or workgroup that users use to access a Windows host.

Default WINS/DNS Server
    Default Value: (none)
    Specifies the WINS/DNS server that NetFile uses to access Windows hosts.

Access

Access lists the NetFile service hosts access attributes.

Table A–8 NetFile Service Hosts Access Attributes

Allow Access to Windows Hosts
    Default Value: Checked
    Allows access to Microsoft Windows hosts.

Allow Access to FTP Hosts
    Default Value: Checked
    Allows access to FTP hosts.

Allow Access to NFS Hosts
    Default Value: Checked
    Allows access to NFS hosts.

Allow Access to Netware Hosts
    Default Value: Checked
    Allows access to Netware hosts.

Allowed Hosts
    Default Value: (none)
    Specifies hosts that users can access through NetFile.

Denied Hosts
    Default Value: (none)
    Specifies hosts that users cannot access through NetFile.

Permissions

If you disable these options after the user has started using NetFile, the change takes effect only if the user logs out of NetFile and logs in again.

Permissions lists the NetFile service permission attributes.

Table A–9 NetFile Service Permissions Attributes

Allow File Rename
    Default Value: Checked
    Allows users to rename files.

Allow File/Folder Deletion
    Default Value: Checked
    Allows users to delete files and folders.

Allow File Upload
    Default Value: Checked
    Allows users to upload files.

Allow File/Folder Download
    Default Value: Checked
    Allows users to download files and folders.

Allow File Search
    Default Value: Checked
    Allows users to search for files.

Allow File Mail
    Default Value: Checked
    Allows users to mail files.

Allow File Compression
    Default Value: Checked
    Allows users to compress files.

Allow Changing User Id
    Default Value: Checked
    Allows users to use a different ID.

Allow Changing Windows Domains
    Default Value: Checked
    Allows users to change Microsoft Windows domains.

View

View lists the NetFile Service view attributes.

Table A–10 NetFile Service View Attributes

Window Size
    Default Value: 700|400
    Specifies the size of the NetFile window, in pixels, on the user's desktop. If you enter an invalid value, NetFile uses the default value.

Window Location
    Default Value: 100|50
    Specifies the location at which the NetFile window is displayed on the user's desktop. If you enter an invalid value, NetFile uses the default value.

Operations

The Operations tab has the following subsections:

Traffic

Traffic lists the NetFile service operations traffic attributes.

Table A–11 NetFile Service Operations - Traffic Attributes

Temporary Directory Location
    Default Value: /tmp
    Specifies a temporary directory for various NetFile file operations.

    Ensure that the ID under which the web server runs (such as nobody or noaccess) has rwx permissions on the specified directory. Also ensure that the ID has rx permissions on every directory in the path to the temporary directory.

    You may want to create a separate temporary directory for NetFile. If you specify a temporary directory that is common to all modules of the Portal Server, the disk may quickly run out of space. NetFile does not work if the temporary directory has no space.

File Upload Limit (MB)
    Default Value: (none)
    Specifies the maximum size of the files that can be uploaded. If you enter an invalid value, NetFile resets the value to the default. Ensure that you type an integer value.

    You can specify different file upload size limits for different users.

Search

Search lists the NetFile service operations search attributes.

Table A–12 NetFile Service Operations - Search Attributes

Search Directories Limit
    Default Value: 100
    Specifies the maximum number of directories that can be searched in a single search operation.

Compression

Compression lists the NetFile service operations compression attributes.

Table A–13 NetFile Service Operations - Compression Attributes

Default Compression Type
    Default Value: Zip
    Specifies the compression type, either Zip or Gzip.

Default Compression Level
    Default Value: (none)
    Specifies the compression level, a number between 1 and 9.

General

General lists the NetFile service general attributes.

Table A–14 NetFile Service - General Attribute

MIME-types Configuration File Location
    Default Value: /opt/S1PS62/SUNWportal/samples/config/netfile
    Specifies the response content type to send to the client browser.

Netlet Service

Netlet Service lists the Netlet service attributes.

Table A–15 Netlet Service Attributes

Netlet Rules
    Default Value: (none)
    Choose to add or delete a rule. If you add a rule, the following nine attributes are necessary:

    Rule Name
        Default Value: (none)
        Specifies a unique name for the rule.

    Encryption Ciphers
        Default Value: (none)
        Specifies the required ciphers.

    URL
        Default Value: (none)
        Specifies the URL of the application to be invoked.

    Download Applet
        Default Value: (none)
        Specifies whether an applet needs to be downloaded. If an applet is used, the syntax in the associated edit box is local-port:server-host:server-port.

    Extend Session
        Default Value: (none)
        Ensures that the Portal Server session time is extended while the Netlet session corresponding to this rule is running.

    Map Local Port to Destination Server Port
        Default Value: (none)
        Specifies the local port, target host, and target ports. After entering those values (in the next three rows of this table), click Add to make them appear in the list.

    Local Port
        Default Value: (none)
        Specifies the local port on which Netlet listens. For an FTP rule, the local port value must be 30021.

    Destination Hosts
        Default Value: (none)
        Static rules contain the host name of the destination machine for the Netlet connection. Dynamic rules contain the word "TARGET".

    Destination Ports
        Default Value: (none)
        Specifies the port on the destination host.

Default Native VM Cipher
    Default Value: (none)
    Specifies the default cipher for the Netlet rules. This is useful when using existing rules that did not include the cipher as part of the rule.

Default Java Plugin Cipher
    Default Value: (none)
    Specifies the default cipher for the Netlet rules. This is useful when using existing rules that did not include the cipher as part of the rule.

Default Loopback Port
    Default Value: 58000
    Specifies the port to be used on the client when applets are downloaded through Netlet. The default value can be overridden in the Netlet rules.

Reauthenticate for Connections
    Default Value: (none)
    Ensures that users enter the Netlet password each time a Netlet connection needs to be established.

Display Warning Popup for Connections
    Default Value: Checked
    Displays a message when the user runs the application over Netlet, and also when an intruder tries to gain access to the desktop through the listen port.

Display Checkbox in Port Warning Dialog
    Default Value: Checked
    Provides the user with the option to suppress the Warning Dialog Popup when Netlet tries to connect to the destination host on the user's standard Portal Desktop.

Keep Alive Interval (minutes)
    Default Value: (none)
    If the client connects to the Gateway through a web proxy, idle Netlet connections are disconnected when the proxy times out. To prevent this, give this parameter a value less than the proxy timeout.

Terminate Netlet at Portal Logout
    Default Value: Checked
    Ensures that all connections are terminated when a user logs out of the Portal Server.

Access to Netlet Rules
    Default Value: (none)
    Defines access to specific Netlet rules for certain organizations, roles, or users.

Deny Netlet Rules
    Default Value: (none)
    Denies access to specific Netlet rules for certain organizations, roles, or users.

Allowed Hosts
    Default Value: (none)
    Defines access to specific hosts for certain organizations, roles, or users.

Denied Hosts
    Default Value: (none)
    Denies access to specific hosts within an organization.
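
The Netlet rule sub-attributes above are entered one field at a time in the console, which makes it easy to save a rule that breaks the constraints the table states (the local-port:server-host:server-port syntax, the fixed local port 30021 for FTP, and the static-versus-dynamic distinction made by the word "TARGET"). The following Python is an added example written for this page, not code from the product: it parses the port-mapping syntax and checks a rule before it is saved. The rule values, the host names, and the heuristic that a mapping whose destination port is 21 is an FTP rule are assumptions made for the example; the table does not say how the console identifies an FTP rule.

```python
"""Parse and check Netlet rule port mappings as described in Table A-15."""
from dataclasses import dataclass, field
from typing import List

DYNAMIC_TARGET = "TARGET"        # Destination Hosts value that marks a dynamic rule
FTP_LOCAL_PORT = 30021           # Local Port required for an FTP rule
FTP_DESTINATION_PORT = 21        # assumption for this example: destination port 21 means an FTP rule
DEFAULT_LOOPBACK_PORT = 58000    # "Default Loopback Port" from Table A-15


@dataclass(frozen=True)
class PortMapping:
    """One 'Map Local Port to Destination Server Port' row."""
    local_port: int
    destination_host: str
    destination_port: int

    @property
    def is_dynamic(self) -> bool:
        return self.destination_host == DYNAMIC_TARGET


@dataclass
class NetletRule:
    name: str
    url: str
    # Empty means the Default Native VM / Java Plugin Cipher applies (Table A-15).
    encryption_cipher: str = ""
    download_applet: bool = False
    extend_session: bool = False
    mappings: List[PortMapping] = field(default_factory=list)


def _port(value: str, label: str) -> int:
    try:
        port = int(value)
    except ValueError:
        raise ValueError(f"{label} {value!r} is not an integer") from None
    if not 1 <= port <= 65535:
        raise ValueError(f"{label} {port} is outside 1-65535")
    return port


def parse_port_mapping(text: str) -> PortMapping:
    """Parse the local-port:server-host:server-port syntax from the Download Applet row."""
    parts = text.strip().split(":")
    if len(parts) != 3:
        raise ValueError(f"expected local-port:server-host:server-port, got {text!r}")
    local, host, dest = parts
    if not host:
        raise ValueError("server-host is empty")
    return PortMapping(_port(local, "local port"), host, _port(dest, "destination port"))


def validate_rule(rule: NetletRule) -> List[str]:
    """Return the problems an administrator should fix; an empty list means the rule is consistent."""
    problems: List[str] = []
    if not rule.name.strip():
        problems.append("Rule Name is required and must be unique")
    if not rule.mappings:
        problems.append("at least one local port to destination port mapping is required")
    seen_local = set()
    for m in rule.mappings:
        if m.local_port in seen_local:
            problems.append(f"local port {m.local_port} is mapped twice in the same rule")
        seen_local.add(m.local_port)
        if m.destination_port == FTP_DESTINATION_PORT and m.local_port != FTP_LOCAL_PORT:
            problems.append(f"FTP rule must listen on local port {FTP_LOCAL_PORT}, not {m.local_port}")
    # Table A-15 describes a rule as either static (host names) or dynamic (TARGET);
    # mixing the two in one rule is treated as an error here.
    if len({m.is_dynamic for m in rule.mappings}) > 1:
        problems.append("rule mixes static destination hosts with the dynamic TARGET placeholder")
    return problems


def duplicate_rule_names(rules: List[NetletRule]) -> List[str]:
    """Rule Name must be unique across the rule list; return the names that repeat."""
    seen, dupes = set(), []
    for rule in rules:
        if rule.name in seen and rule.name not in dupes:
            dupes.append(rule.name)
        seen.add(rule.name)
    return dupes


if __name__ == "__main__":
    # Constructed rules: one FTP rule entered with the wrong local port, one dynamic rule.
    ftp_rule = NetletRule("ftp", "http://intranet.example/apps/ftp",
                          mappings=[parse_port_mapping("2121:ftp.corp.example:21")])
    vnc_rule = NetletRule("vnc", "http://intranet.example/apps/vnc",
                          mappings=[parse_port_mapping("5900:TARGET:5900")])
    for rule in (ftp_rule, vnc_rule):
        print(rule.name, validate_rule(rule) or "ok")
```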

Proxylet Service

Proxylet Service lists the Proxylet service attributes.

Table A–16 Proxylet Service Attributes

Download Proxylet Applet Automatically
    Default Value: (none)
    When this checkbox is checked, Proxylet is downloaded to the client machine when the user logs on.

Default Proxylet Applet Bind IP
    Default Value: 127.0.0.1
    The IP address on which the Proxylet applet resides.

Default Proxylet Applet Port
    Default Value: 58081
    The port on which Proxylet listens.