Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Types of Rules

Netlet rules are of two types, depending on how the destination host is specified in the rule.

Static Rule

A static rule specifies a destination host as part of the rule. If you create a static rule, the user does not have the option to specify the required destination host. In the following example, sesta is the destination host.

Rule Name: ftpstatic

Encryption Cipher: SSL_RSA_WITH_RC4_128_MD5

URL: null

Enable Download Applet: false

Enable Extend Session: true

Map Local Port to Destination Server Port:

  • Local Port: 30021

  • Destination Host: sesta

  • Destination Port: 21

You can configure multiple destination hosts and ports for static rules. See Static Rule With Multiple Host Connections for an example.

Dynamic Rule

In a dynamic rule, the destination host is not specified as a part of the rule. The user can specify the required destination host in the Netlet provider. In the following example, TARGET is the placeholder for the destination host.

Rule Name: ftpdynamic

Encryption Cipher: SSL_RSA_WITH_RC4_128_MD5

Remote Application URL: null

Enable Download Applet: Select checkbox

Enable Extend Session: Select checkbox

Map Local Port to Destination Server Port:

  • Local Port: 30021

  • Destination Host: TARGET

  • Destination Port: 21

Encryption Ciphers

Based on the encryption cipher, Netlet rules can be further classified as follows:

Rule Name: Telnet

Encryption Cipher:

  • SSL_RSA_WITH_RC4_128_SHA

  • SSL_RSA_WITH_RC4_128_MD5

Remote Application URL: null

Enable Download Applet: Select checkbox

Enable Extend Session: Select checkbox

Map Local Port to Destination Server Port:

  • Local Port: 30000

  • Destination Host: TARGET

  • Destination Port: 23


Note –

Although the Portal Server host may have various ciphers enabled, the user can choose only from the list that is configured as part of the Netlet rule.


See Supported Ciphers for a list of the ciphers supported by Netlet.

Rule Name: Telnet

Encryption Cipher: SSL_RSA_WITH_RC4_128_MD5

Remote Application URL: null

Enable Download Applet: Select checkbox

Enable Extend Session: Select checkbox

Map Local Port to Destination Server Port:

  • Local Port: 30000

  • Destination Host: TARGET

  • Destination Port: 23

See Supported Ciphers for a list of ciphers supported by Netlet.

Supported Ciphers

Table 6–2 lists the ciphers supported by Netlet.

Table 6–2 List of Supported Ciphers

Native VM Ciphers

  • KSSL_SSL3_RSA_WITH_3DES_EDE_CBC_SHA

  • KSSL_SSL3_RSA_WITH_RC4_128_MD5

  • KSSL_SSL3_RSA_WITH_RC4_128_SHA

  • KSSL_SSL3_RSA_EXPORT_WITH_RC4_40_MD5

  • KSSL_SSL3_RSA_WITH_DES_CBC_SHA

Java Plugin Ciphers

  • SSL_RSA_WITH_3DES_EDE_CBC_SHA

  • SSL_RSA_WITH_RC4_128_MD5

  • SSL_RSA_WITH_RC4_128_SHA

  • SSL_RSA_EXPORT_WITH_RC4_40_MD5

  • SSL_RSA_WITH_DES_CBC_SHA

  • SSL_RSA_WITH_NULL_MD5

  • TLS_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_AES_256_CBC_SHA

Backward Compatibility

Earlier versions of Portal Server did not support ciphers as part of the Netlet rules. For backward compatibility with existing rules without ciphers, a default cipher is used by the rules. An existing rule without ciphers such as:

Rule Name: Telnet

Encryption Cipher: (blank)

Remote Application URL: telnet://localhost:30000

Enable Download Applet: Do not select checkbox

Enable Extend Session: Select checkbox

Map Local Port to Destination Server Port:

  • Local Port: 30000

  • Destination Host: TARGET

  • Destination Port: 23

is interpreted as:

Rule Name: Telnet

Encryption Cipher: Default ciphers

Remote Application URL: telnet://localhost:30000

Enable Download Applet: Do not select checkbox

Enable Extend Session: Select checkbox

Map Local Port to Destination Server Port:

  • Local Port: 30000

  • Destination Host: TARGET

  • Destination Port: 23

This is similar to an Administrator Configured Rule with the Encryption cipher field chosen as Default.


Note –

Netlet rules cannot contain any port number higher than 64000.
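
The following Python code is an added example, not part of the original guide or of Portal Server. It audits a set of Netlet rules for the points this section covers: static versus dynamic (TARGET) destination, rules without ciphers that fall back to the default ciphers, ports above 64000, and cipher names from Table 6–2 that are NULL, export-grade, single DES, or RC4. The dict layout, the names audit_rule, audit_all, and WEAK_MARKERS, and the rule "constructed-aes" are assumptions made for the example.

```python
# Added example; the dict layout below is constructed, not Portal Server's format.
MAX_PORT = 64000  # limit from the note on this page
WEAK_MARKERS = {  # substrings of the cipher names in Table 6-2
    "_NULL_": "no encryption",
    "_EXPORT_": "40-bit export-grade key",
    "_DES_CBC_": "single DES, 56-bit key",
    "_RC4_": "RC4, prohibited for TLS by RFC 7465",
}

def audit_rule(rule):
    """Return (kind, findings) for one rule dict."""
    findings = []
    hosts = {m["host"] for m in rule["mappings"]}
    # TARGET is the placeholder that makes a rule dynamic.
    kind = "dynamic" if "TARGET" in hosts else "static"
    ciphers = rule.get("ciphers") or []
    if not ciphers:
        # Backward compatibility: rules without ciphers use the default ciphers.
        findings.append("no cipher listed: default ciphers apply")
    for cipher in ciphers:
        for marker, reason in WEAK_MARKERS.items():
            if marker in cipher:
                findings.append(f"{cipher}: {reason}")
    for m in rule["mappings"]:
        for key in ("local_port", "dest_port"):
            if m[key] > MAX_PORT:
                findings.append(f"{key} {m[key]} exceeds {MAX_PORT}")
    return kind, findings

# Constructed sample rules; the first two mirror examples on this page.
RULES = [
    {"name": "ftpstatic", "ciphers": ["SSL_RSA_WITH_RC4_128_MD5"],
     "mappings": [{"local_port": 30021, "host": "sesta", "dest_port": 21}]},
    {"name": "Telnet", "ciphers": [],
     "mappings": [{"local_port": 30000, "host": "TARGET", "dest_port": 23}]},
    {"name": "constructed-aes", "ciphers": ["TLS_RSA_WITH_AES_256_CBC_SHA"],
     "mappings": [{"local_port": 65000, "host": "TARGET", "dest_port": 22}]},
]

def audit_all(rules):
    """Map each rule name to its (kind, findings) result."""
    return {r["name"]: audit_rule(r) for r in rules}

if __name__ == "__main__":
    for name, (kind, findings) in audit_all(RULES).items():
        print(name, kind, findings or "ok")
```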