Gateway Service

Enable HTTPS Connections 

Enables HTTPS connections. 

HTTPS Port 

443 

Specifies the HTTPS port. 

Enable HTTP Connections 

* 

Enables HTTP connections. 

HTTP Port 

80 

Specifies the HTTP port. 

Enable Rewriter Proxy 

* 

Enables secure HTTP traffic between Gateway and the intranet. Rewriter proxy and Gateway use the same gateway profile. 

Rewriter Proxy List 

List of Rewriter proxies. For multiple instances of Rewriter proxies enter the details for each in the form host-name:port

Enable Netlet 

Checked 

Enables security for TCP/IP (such as Telnet and SMTP), HTTP applications, and fixed port applications. 

Enable Proxylet 

Checked 

Enables the download of Proxylet on a client machine. 

Enable Netlet Proxy 

Enhances security for Netlet traffic between Gateway and the intranet by extending the secure tunnel from the client, through Gateway to Netlet proxy residing on the intranet. Disable if you do not want to use applications with Portal Server. 

Netlet Proxy Hosts 

Lists Netlet proxy hosts, in the format: hostname:port 

Enable Cookie Management 

Tracks and manages user sessions for all web sites that the user is permitted to access. (Does not apply to the cookies used by Portal Server to track Portal Server user sessions). 

Enable Persistent HTTP Connections 

Checked 

Enables HTTP persistent connections at Gateway to prevent sockets being opened for every object (such as images and style sheets) in the web pages. 

Maximum Number of Requests per Persistent Connection 

10 

Specifies the number of requests per persistent connection. 

Timeout for Persistent Socket Connections 

50 

Specifies the amount of time that needs to lapse before sockets are closed. 

Grace Timeout to Account for Turnaround Time 

20 

Specifies the grace amount of time for the request to reach Gateway after the browser has sent i and the time between gateway sending the response and the browser actually receiving it. 

URLs to which User Session Cookie is Forwarded 

Enables servlets and CGIs to receive Portal Server'ss cookie and use the APIs to identify the user. 

Maximum Connection Queue Length 

50 

Specifies the maximum concurrent connections that Gateway can accept. 

Gateway Timeout (seconds) 

120 

Specifies the time interval in seconds before Gateway times out its connection with the browser. 

Maximum Thread Pool Size 

200 

Specifies the maximum number of threads that can be pre-created in the Gateway thread pool. 

Cached Socket Timeout 

200 

Specifies the time interval in seconds before Gateway times out its connection with Portal Server. 

Portal Servers 

Specifies Portal Servers in the format http://portal server name:port -number. Gateway tries to contact each of the Portal Servers listed in a round robin manner to service the requests.

Server Retry Interval (seconds) 

120 

Specifies the time interval between requests to try to start Portal Server, Rewriter proxy or Netlet proxy after it becomes unavailable (such as a crash or it was brought down). 

Store External Server Cookies 

Allows Gateway to store and manage cookies for any third party application or server that is accessed through Gateway. 

Obtain Session Information from URL 

Encodes session information as part of the URL, whether cookies are supported or not. Gateway uses this session information found in the URL for validation rather than using the session cookie that is sent from the client’s browser. 

Use Proxy 

Enables usage of web proxies. 

Use Webproxy URLs 

Lists the URLs that Gateway needs to contact only through the webproxies listed in the Proxies for Domains and Subdomains list, even if the Use Proxy option is disabled. 

Do Not Use Webproxy URLs 

Lists URLs that Gateway can connect directly to. 

Proxies for Domains and Subdomains 

iportal.com 

sun.com 

Specifies which proxy to use to contact specific subdomains in specific domains. 

Proxy Password List 

Specifies the server name, user name and password required for Gateway to authenticate to a specified proxy server, if the proxy server requires authentication to access some or all the sites. 

Enable Automatic Proxy Configuration Support 

Specifies that the information provided in the Proxies for Domains and Subdomains field is to be ignored. 

Automatic Proxy Configuration File location 

Specifies the location of files to be used for PAC support. 

Enable Netlet Tunneling via Web Proxy 

Extends the secure tunnel from the client, through Gateway to the web proxy that resides in the intranet. 

Enable HTTP Basic Authentication 

Checked 

Saves the username and password so that users need not re-enter their credentials when they revisit BASIC-protected web sites. 

Non-authenticated URLs 

/portal/desktop/images 

/amserver/login_images 

/portal/desktop/css 

/amserver/jss 

/amconsole/console/css 

/portal/searchadmin/console/js 

/amconsole/console/js 

/amserver/css 

Specifies URLs that do not need any authentication, such as directories that contain images. 

Certificate-enabled Gateway hosts 

Lists the certificate-enabled Gateway hosts. 

Allow 40-bit Encryption 

Allows 40-bit (weak) Secure Sockets Layer (SSL) connections. If you do not select this option, only 128-bit connections are supported. 

Enable SSL Version 2.0 

checked 

Enables SSL version 2.0. 

Disabling SSL 2.0 means that browsers that support only the older SSL 2.0 cannot authenticate to SRA.This ensures a greater level of security. 

Enable SSL Cipher Selection 

Enables SSL cipher selection. You have the option of to support all the pre-packaged ciphers, or you can select the required ciphers individually. You can select specific SSL ciphers for each Gateway instance. 

SSL2 Ciphers 

Lists the SSL version 2 ciphers you can choose. 

SSL3 Ciphers 

Lists the SSL version 3 ciphers you can choose. 

TLS Ciphers 

Lists the TLS ciphers. 

Enable SSL Version 3.0 

checked 

Enables SSL version 3.0. 

Disabling SSL 3.0 means that browsers that support only the SSL 3.0 cannot authenticate to SRA. This ensures a greater level of security. 

Enable Null Ciphers 

Enables null ciphers. 

Trusted SSL Domains 

Lists the trusted SSL domains. 

Mark Cookies as secure 

Marks cookies as secure. The Enable Cookie Management option must be enabled. 

Enable Rewriting of All URIs 

Specifies that any URI is rewritten without checking against the entries in the Proxies for Domains and Subdomains list. 

Map URIs to RuleSets 

*://*.iportal.com*/portal/* |default_gateway_ruleset

*/portal/NetFileOpenFileServlet*

|null_ruleset

*|generic_ruleset

REPLACE_WITH_IPLANET_MAIL_SERVER_NAME|iplanet_mail_ruleset

REPLACE_WITH_EXCHANGE_SERVER_ NAMEexchange_2000sp3_owa_ruleset

*://*.iportal.com*/amconsole/*|default_gateway_ruleset

REPLACE_WITH_INOTES_SERVER_NAME|inotes_ruleset

http*://*/portal/NetFileController*|null_ruleset

Associates a domain with the ruleset using the Map URIs to RuleSets list. Rulesets are created under Portal Server Configuration in the Access Manager administration console. 

Map Parser to MIME Types 

JAVASCRIPT=application/x-java

XML=text/xml

HTML=text/html;text/htm;text/x-component;text/wml;text/vnd.wap.wml

CSS=text/css

Associates new MIME types with HTML, JAVASCRIPT, CSS or XML. Separate multiple entries with a semicolon or a comma. 

URIs Not to Rewrite 

Lists the URIs not to rewrite. Note: Adding #* to this list allows URIs to be rewritten, even when the href rule is part of the ruleset. 

Default Domains 

Resolves a host name to a default domain and subdomain. This is specified during installation 

Enable MIME Guessing 

Enables MIME guessing when MIME is not sent. You must add data to the Map Parser to URIs list box. 

Map Parser to URI Mappings 

Maps a parser to the URI. Multiple URIs are separated by a semicolon. 

For example HTML=*.html; *.htm;*Servlet 

means that Rewriter is used to rewrite the content for any page with a html, htm, or Servlet extension. 

Enable Masking 

Allows Rewriter to rewrite a URI so that the Intranet URL of a page is not seen. 

Seed String for Masking 

Specifies a seed string used for masking a URI. A masking algorithm generates this random string. 

URIs not to Mask 

Specifies Internet URIs not to be mask. This is used when applications (such as an applet) require an Internet URI. 

For example if you added 

*/Applet/Param* 

to the list box, the URL would not be masked if the content URI http://abc.com/Applet/Param1.html is matched in the ruleset rule. 

Make Gateway protocol Same as Original URI Protocol 

Enables Rewriter to use a consistent protocol to access the referred resources in the HTML content. 

This applies only to static URIs, not to dynamic URIs generated in Javascript.