When you click the Gateway service, the right pane displays a button to create a new profile and a list of any gateway profiles that have been created.
If you click New, the next pane prompts you to enter the new gateway profile name. You have the option to use the default template or a previously created gateway profile as the template.
If you click one of the listed gateway profile names, a list of tabs is presented. They are:
Core lists the Gateway service core attributes.
Table A–2 Gateway Service Core Attributes
Attribute | Default Value | Description |
---|---|---|
Enable HTTPS Connections | | Enables HTTPS connections. |
HTTPS Port | 443 | Specifies the HTTPS port. |
Enable HTTP Connections | * | Enables HTTP connections. |
HTTP Port | 80 | Specifies the HTTP port. |
Enable Rewriter Proxy | * | Enables secure HTTP traffic between Gateway and the intranet. Rewriter proxy and Gateway use the same gateway profile. |
Rewriter Proxy List | | List of Rewriter proxies. For multiple instances of Rewriter proxies, enter the details for each in the form host-name:port. |
Enable Netlet | Checked | Enables security for TCP/IP (such as Telnet and SMTP), HTTP applications, and fixed port applications. |
Enable Proxylet | Checked | Enables the download of Proxylet on a client machine. |
Enable Netlet Proxy | | Enhances security for Netlet traffic between Gateway and the intranet by extending the secure tunnel from the client, through Gateway to Netlet proxy residing on the intranet. Disable if you do not want to use applications with Portal Server. |
Netlet Proxy Hosts | | Lists Netlet proxy hosts, in the format hostname:port. |
Enable Cookie Management | | Tracks and manages user sessions for all web sites that the user is permitted to access. (Does not apply to the cookies used by Portal Server to track Portal Server user sessions.) |
Enable Persistent HTTP Connections | Checked | Enables HTTP persistent connections at Gateway to prevent sockets being opened for every object (such as images and style sheets) in the web pages. |
Maximum Number of Requests per Persistent Connection | 10 | Specifies the number of requests per persistent connection. |
Timeout for Persistent Socket Connections | 50 | Specifies the amount of time that needs to lapse before sockets are closed. |
Grace Timeout to Account for Turnaround Time | 20 | Specifies the grace amount of time for the request to reach Gateway after the browser has sent it and the time between Gateway sending the response and the browser actually receiving it. |
URLs to which User Session Cookie is Forwarded | | Enables servlets and CGIs to receive Portal Server's cookie and use the APIs to identify the user. |
Maximum Connection Queue Length | 50 | Specifies the maximum concurrent connections that Gateway can accept. |
Gateway Timeout (seconds) | 120 | Specifies the time interval in seconds before Gateway times out its connection with the browser. |
Maximum Thread Pool Size | 200 | Specifies the maximum number of threads that can be pre-created in the Gateway thread pool. |
Cached Socket Timeout | 200 | Specifies the time interval in seconds before Gateway times out its connection with Portal Server. |
Portal Servers | | Specifies Portal Servers in the format http://portal-server-name:port-number. Gateway tries to contact each of the Portal Servers listed in a round robin manner to service the requests. |
Server Retry Interval (seconds) | 120 | Specifies the time interval between requests to try to start Portal Server, Rewriter proxy or Netlet proxy after it becomes unavailable (such as a crash or it was brought down). |
Store External Server Cookies | | Allows Gateway to store and manage cookies for any third party application or server that is accessed through Gateway. |
Obtain Session Information from URL | | Encodes session information as part of the URL, whether cookies are supported or not. Gateway uses this session information found in the URL for validation rather than using the session cookie that is sent from the client’s browser. |
Proxies lists the Gateway service proxies attributes.
Table A–3 Gateway Service Proxies Attributes
Attribute | Default Value | Description |
---|---|---|
Use Proxy | | Enables usage of web proxies. |
Use Webproxy URLs | | Lists the URLs that Gateway needs to contact only through the webproxies listed in the Proxies for Domains and Subdomains list, even if the Use Proxy option is disabled. |
Do Not Use Webproxy URLs | | Lists URLs that Gateway can connect directly to. |
Proxies for Domains and Subdomains | iportal.com sun.com | Specifies which proxy to use to contact specific subdomains in specific domains. |
Proxy Password List | | Specifies the server name, user name and password required for Gateway to authenticate to a specified proxy server, if the proxy server requires authentication to access some or all the sites. |
Enable Automatic Proxy Configuration Support | | Specifies that the information provided in the Proxies for Domains and Subdomains field is to be ignored. |
Automatic Proxy Configuration File location | | Specifies the location of files to be used for PAC support. |
Enable Netlet Tunneling via Web Proxy | | Extends the secure tunnel from the client, through Gateway to the web proxy that resides in the intranet. |
Security lists the Gateway service security attributes.
Table A–4 Gateway Service Security Attributes
Attribute | Default Value | Description |
---|---|---|
Enable HTTP Basic Authentication | Checked | Saves the username and password so that users need not re-enter their credentials when they revisit BASIC-protected web sites. |
Non-authenticated URLs | /portal/desktop/images /amserver/login_images /portal/desktop/css /amserver/jss /amconsole/console/css /portal/searchadmin/console/js /amconsole/console/js /amserver/css | Specifies URLs that do not need any authentication, such as directories that contain images. |
Certificate-enabled Gateway hosts | | Lists the certificate-enabled Gateway hosts. |
Allow 40-bit Encryption | | Allows 40-bit (weak) Secure Sockets Layer (SSL) connections. If you do not select this option, only 128-bit connections are supported. |
Enable SSL Version 2.0 | Checked | Enables SSL version 2.0. Disabling SSL 2.0 means that browsers that support only the older SSL 2.0 cannot authenticate to SRA. This ensures a greater level of security. |
Enable SSL Cipher Selection | | Enables SSL cipher selection. You have the option to support all the pre-packaged ciphers, or you can select the required ciphers individually. You can select specific SSL ciphers for each Gateway instance. |
SSL2 Ciphers | | Lists the SSL version 2 ciphers you can choose. |
SSL3 Ciphers | | Lists the SSL version 3 ciphers you can choose. |
TLS Ciphers | | Lists the TLS ciphers. |
Enable SSL Version 3.0 | Checked | Enables SSL version 3.0. Disabling SSL 3.0 means that browsers that support only the SSL 3.0 cannot authenticate to SRA. This ensures a greater level of security. |
Enable Null Ciphers | | Enables null ciphers. |
Trusted SSL Domains | | Lists the trusted SSL domains. |
Mark Cookies as secure | | Marks cookies as secure. The Enable Cookie Management option must be enabled. |
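
The following added example (not part of the original guide or of the product) audits a gateway profile against the settings described in Tables A–2 and A–4. The dictionary layout, with console labels as keys, is an assumption for illustration, and `SAMPLE_PROFILE` is constructed sample data.

```python
# Added example: lint a gateway profile using the attribute labels from
# Tables A-2 and A-4. The dict-of-labels layout is an assumption; it is
# not an export format of the product.

# Options the tables describe as weakening transport security when enabled.
WEAK_IF_ENABLED = {
    "Enable SSL Version 2.0": "SSL 2.0 accepted; the table notes that disabling it raises security",
    "Enable SSL Version 3.0": "SSL 3.0 accepted; the table notes that disabling it raises security",
    "Allow 40-bit Encryption": "40-bit (weak) SSL connections allowed",
    "Enable Null Ciphers": "null ciphers provide no encryption",
    "Enable HTTP Connections": "plain HTTP listener is open",
}

# Default Non-authenticated URLs from Table A-4; anything else is drift.
DEFAULT_NONAUTH = {
    "/portal/desktop/images", "/amserver/login_images", "/portal/desktop/css",
    "/amserver/jss", "/amconsole/console/css", "/portal/searchadmin/console/js",
    "/amconsole/console/js", "/amserver/css",
}

def audit_profile(profile):
    """Return a list of (attribute, finding) tuples for a profile dict."""
    findings = [(a, why) for a, why in WEAK_IF_ENABLED.items() if profile.get(a)]
    if not profile.get("Enable HTTPS Connections"):
        findings.append(("Enable HTTPS Connections", "HTTPS listener is off"))
    # Dependency stated in Table A-4.
    if profile.get("Mark Cookies as secure") and not profile.get("Enable Cookie Management"):
        findings.append(("Mark Cookies as secure",
                         "requires Enable Cookie Management, which is off"))
    for url in profile.get("Non-authenticated URLs", []):
        if url.rstrip("/") not in DEFAULT_NONAUTH:
            findings.append(("Non-authenticated URLs",
                             "non-default unauthenticated path: " + url))
    return findings

# Constructed sample profile (not taken from a real deployment).
SAMPLE_PROFILE = {
    "Enable HTTPS Connections": True,
    "Enable HTTP Connections": False,
    "Enable SSL Version 2.0": True,
    "Enable SSL Version 3.0": True,
    "Allow 40-bit Encryption": False,
    "Enable Null Ciphers": False,
    "Enable Cookie Management": False,
    "Mark Cookies as secure": True,
    "Non-authenticated URLs": ["/portal/desktop/images", "/portal/admin"],
}

if __name__ == "__main__":
    for attribute, finding in audit_profile(SAMPLE_PROFILE):
        print(attribute + ": " + finding)
```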
The Rewriter tab has two subsections:
Basic lists the Gateway service Rewriter basic attributes.
Table A–5 Gateway Service Rewriter Attributes - Basic
Attribute | Default Value | Description |
---|---|---|
Enable Rewriting of All URIs | | Specifies that any URI is rewritten without checking against the entries in the Proxies for Domains and Subdomains list. |
Map URIs to RuleSets | *://*.iportal.com*/portal/*\|default_gateway_ruleset */portal/NetFileOpenFileServlet*\|null_ruleset *\|generic_ruleset REPLACE_WITH_IPLANET_MAIL_SERVER_NAME\|iplanet_mail_ruleset REPLACE_WITH_EXCHANGE_SERVER_NAME\|exchange_2000sp3_owa_ruleset *://*.iportal.com*/amconsole/*\|default_gateway_ruleset REPLACE_WITH_INOTES_SERVER_NAME\|inotes_ruleset http*://*/portal/NetFileController*\|null_ruleset | Associates a domain with the ruleset using the Map URIs to RuleSets list. Rulesets are created under Portal Server Configuration in the Access Manager administration console. |
Map Parser to MIME Types | JAVASCRIPT=application/x-java XML=text/xml HTML=text/html;text/htm;text/x-component;text/wml;text/vnd.wap.wml CSS=text/css | Associates new MIME types with HTML, JAVASCRIPT, CSS or XML. Separate multiple entries with a semicolon or a comma. |
URIs Not to Rewrite | | Lists the URIs not to rewrite. Note: Adding #* to this list allows URIs to be rewritten, even when the href rule is part of the ruleset. |
Default Domains | | Resolves a host name to a default domain and subdomain. This is specified during installation. |
Advanced lists the Gateway service Rewriter advanced attributes.
Table A–6 Gateway Service Rewriter Attributes - Advanced
Attribute | Default Value | Description |
---|---|---|
Enable MIME Guessing | | Enables MIME guessing when MIME is not sent. You must add data to the Map Parser to URIs list box. |
Map Parser to URI Mappings | | Maps a parser to the URI. Multiple URIs are separated by a semicolon. For example, HTML=*.html; *.htm;*Servlet means that Rewriter is used to rewrite the content for any page with an html, htm, or Servlet extension. |
Enable Masking | | Allows Rewriter to rewrite a URI so that the Intranet URL of a page is not seen. |
Seed String for Masking | | Specifies a seed string used for masking a URI. A masking algorithm generates this random string. |
URIs not to Mask | | Specifies Internet URIs not to be masked. This is used when applications (such as an applet) require an Internet URI. For example, if you added */Applet/Param* to the list box, the URL would not be masked if the content URI http://abc.com/Applet/Param1.html is matched in the ruleset rule. |
Make Gateway protocol Same as Original URI Protocol | | Enables Rewriter to use a consistent protocol to access the referred resources in the HTML content. This applies only to static URIs, not to dynamic URIs generated in JavaScript. |
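
The following added example (not code from the product) shows how the Map Parser to MIME Types entries in Table A–5 and the Map Parser to URI Mappings entries in Table A–6 can be parsed, and how a parser is chosen when MIME guessing is enabled and no MIME type is sent. Matching against the URI without its query string and taking the first matching pattern are assumptions; the `CSS=*.css` entry is constructed.

```python
# Added example: parse "PARSER=value;value" entries and pick a parser for a
# response. Function names and the matching order are assumptions.
import re

def parse_mapping(entries):
    """Turn entries such as 'HTML=*.html; *.htm' into {value: parser}."""
    table = {}
    for entry in entries:
        parser, _, values = entry.partition("=")
        for value in re.split(r"[;,]", values):   # semicolon or comma separated
            value = value.strip()
            if value:
                table.setdefault(value, parser.strip())
    return table

def wildcard_to_regex(pattern):
    """Treat '*' as the only wildcard; every other character is literal."""
    body = "".join(".*" if ch == "*" else re.escape(ch) for ch in pattern)
    return re.compile(body + r"\Z", re.S)

def select_parser(uri, content_type, mime_map, uri_map, mime_guessing):
    """Return the parser name, or None when the content is left unparsed."""
    if content_type:
        # A MIME type was sent: use it and do not guess from the URI.
        mime = content_type.split(";", 1)[0].strip().lower()
        return mime_map.get(mime)
    if not mime_guessing:
        return None
    path = uri.split("?", 1)[0].split("#", 1)[0]
    for pattern, parser in uri_map.items():
        if wildcard_to_regex(pattern).match(path):
            return parser
    return None

# Three of the default MIME entries from Table A-5.
MIME_MAP = parse_mapping([
    "XML=text/xml",
    "HTML=text/html;text/htm;text/x-component;text/wml;text/vnd.wap.wml",
    "CSS=text/css",
])
# First entry is the example from Table A-6; the second is constructed.
URI_MAP = parse_mapping(["HTML=*.html; *.htm;*Servlet", "CSS=*.css"])

if __name__ == "__main__":
    print(select_parser("http://abc.com/app/ReportServlet?id=1", None,
                        MIME_MAP, URI_MAP, True))
```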