Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Configuring the Rewriter Proxy and Netlet Proxy

About Netlet Proxy

The Netlet proxy enhances the security of Netlet traffic between the Gateway and the intranet by extending the secure tunnel from the client, through the Gateway, to the Netlet proxy that resides in the intranet. If the Netlet proxy is enabled, the Netlet packets are decrypted by the Netlet proxy and then sent to the destination server. This reduces the number of ports that must be opened in the firewall.

About Rewriter Proxy

The Rewriter proxy enables secure HTTP traffic between the Gateway and intranet. If you do not specify a Rewriter proxy, the Gateway component makes a direct connection to the intranet when a user tries to access a machine on the intranet. The Rewriter proxy does not run automatically after installation. You need to enable the Rewriter proxy as described below.

Procedure: To Configure the Rewriter Proxy and Netlet Proxy

  1. Log in to the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.


    Note –

    Ensure that the Rewriter proxy and the Gateway use the same gateway profile.


  3. Select the Deployment tab.

  4. Modify the following attributes:

    Attribute Name
      Description

    Rewriter Proxy
      Select the Rewriter Proxy checkbox to enable the Rewriter proxy service.

    Rewriter Proxy List
      1. Enter the host and port in the Rewriter Proxies edit box, in the format hostname:port.

        Tip –

        To determine whether the desired port is available and unused, enter the following at the command line:

        netstat -a | grep port-number | wc -l

        where port-number is the required port.

      2. Click Add.

    Netlet Proxy
      Select the Enable Netlet Proxy checkbox to enable the Netlet proxy service.

    Netlet Proxy Hosts
      1. Enter the Netlet proxy host and port in the Netlet Proxy Hosts field, in the format hostname:port.

        Tip –

        To determine whether the desired port is available and unused, enter the following at the command line:

        netstat -a | grep port-number | wc -l

        where port-number is the required port.

      2. Click Add.

    Netlet Tunneling via Web Proxy
      Select the Enable Netlet Tunneling via Web Proxy checkbox to enable tunneling.

  5. Run portal-server-install-root/SUNWportal/bin/certadmin on the server to create a certificate for the Rewriter proxy.

    Perform this step only if you did not choose to create a certificate while installing the Rewriter proxy.

  6. Log in as root to the machine where the Rewriter proxy is installed and start the Rewriter proxy:


    rewriter-proxy-install-root/SUNWportal/bin/rwproxyd -n gateway-profile-name start

  7. Log in as root to the machine where the Gateway is installed and restart the Gateway:


    ./psadmin start-sra-instance -u amadmin -f passwordfile -N profilename -t gateway
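
The Tip in step 4 counts every netstat line that contains the digits of the port anywhere, so a check for 80 also counts 8080 and any remote port such as 52180. The following added example (not part of the original guide) matches the local port of LISTEN sockets exactly. The function names and the sample netstat rows are constructed for illustration, and the parser assumes Solaris-style (*.8080) or Linux-style (0.0.0.0:8080) output from netstat -an.

```shell
#!/bin/sh
# Added example, not from the original guide.

# naive_count PORT: the guide's pipeline (grep | wc -l) applied to stdin.
naive_count() {
    grep -- "$1" | wc -l | tr -d ' '
}

# port_in_use PORT: reads "netstat -an" output on stdin; returns 0 only if a
# socket in LISTEN state has PORT as its exact local port.
port_in_use() {
    awk -v port="$1" '
        $NF != "LISTEN" { next }              # headers, ESTABLISHED, etc.
        {
            # Linux rows start with the protocol, so the local address is
            # field 4; Solaris rows start with the local address itself.
            addr = ($1 ~ /^tcp/) ? $4 : $1
            sub(/^.*[.:]/, "", addr)          # keep text after last "." or ":"
            if (addr == port) { found = 1; exit }
        }
        END { exit !found }
    '
}

# Constructed sample: a header, three Solaris-style rows, one Linux-style row.
sample_netstat() {
    cat <<'EOF'
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
      *.10443              *.*                0      0 49152      0 LISTEN
      *.8080               *.*                0      0 49152      0 LISTEN
192.0.2.10.10443     192.0.2.55.52180     64240      0 49232      0 ESTABLISHED
tcp        0      0 0.0.0.0:10555           0.0.0.0:*               LISTEN
EOF
}

# Demo: compare both checks for a few candidate proxy ports.
for p in 80 8080 10555; do
    if sample_netstat | port_in_use "$p"; then state="in use"; else state="free"; fi
    echo "port $p: naive matches=$(sample_netstat | naive_count "$p"), exact check=$state"
done
```

On a live host, feed it real output: netstat -an | port_in_use 8080. The -n flag keeps ports numeric so that they are not replaced by service names.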