AppGate Security Server

Version 9.2.3

AppGate and MindTerm are trademarks of AppGate Network Security AB. Other brands and product names may be trademarks of their respective companies or organizations.

The contents of this document are subject to revision and can be changed without notice. AppGate Network Security AB shall have no liability for any error or damage resulting from the usage of this document.


Table of Contents

1. About this guide
1.1. Who Should Use This Guide
2. Functional Overview
2.1. Introduction
2.2. An AppGate Session
2.2.1. Starting a client
2.2.2. Session establishment
2.2.3. Account establishment
2.2.4. Authentication
2.2.5. Attributes
2.2.6. Client Check
2.2.7. Authorization
2.2.8. Role selection
2.2.9. Service presentation
2.2.10. Service activation
2.2.11. Session termination
2.3. Features
2.4. Satellites
2.5. FIPS mode
2.6. Integration with the network infrastructure
2.6.1. Firewall considerations
2.6.2. Routing considerations
2.7. Alarms
3. Clients
3.1. Client Overview
3.1.1. AppGate Client
3.1.2. AppGate Connect client
3.1.3. AppGate Mobile client
3.1.4. Clients for Citrix and Terminal Servers
3.1.5. Operating System support of AppGate clients
3.1.6. AppGate IP Tunneling Driver
3.1.7. AppGate Hosts File Writer
3.1.8. AppGate Device Firewall
3.1.9. Deployment of AppGate client
3.2. Client Installation
3.2.1. Installation on Windows
3.2.2. Installation on Mac OS X
3.2.3. Installation on Solaris
3.2.4. Installation on Linux
3.2.5. Installation From the Web Server
3.2.6. AppGate IP Tunneling Driver Installation
3.2.7. AppGate Hosts File Writer Installation
3.2.8. Repackaging the AppGate clients
3.2.9. Over the air provisioning of mobile clients
3.3. Client Usage
3.3.1. Launching clients
3.3.2. Open connection dialog
3.3.3. First time connection
3.3.4. The connection process
3.3.5. Roaming (Suspend/Resume)
3.3.6. Selecting a role
3.3.7. Starting services
3.3.8. Disconnecting
3.3.9. File access
3.3.10. Advanced features
3.3.11. Local print
3.3.12. TCP forwarding proxy
3.3.13. Host certificate considerations
3.3.14. Using certificate authentication
3.3.15. Integrating with screen locker on Linux thin clients
3.3.16. Share access considerations
3.4. Client configuration
3.4.1. Configuration files
3.4.2. Notes on some advanced configuration options
3.4.3. Configuring AppGate Applet
3.4.4. IP Tunneling configuration
3.5. Using other clients
3.5.1. Starting a server command automatically
3.6. AppGate USB client
3.6.1. How it works
3.6.2. How to clear the encrypted area
3.6.3. How to recognize
3.6.4. Included applications
4. Administration
4.1. Using AppGate Console
4.1.1. Database issues
4.1.2. General System/Cluster Status
4.1.3. Run commands
4.2. User accounts
4.2.1. Local accounts
4.2.2. LDAP/AD
4.2.3. Virtual User Accounts
4.3. Authentication Methods
4.3.1. Certificate
4.3.2. Password
4.3.3. Radius
4.3.4. SecurID
4.3.5. PublicKey
4.3.6. Kerberos
4.3.7. Chained
4.4. Access rules
4.4.1. Access rules
4.4.2. Client checks
4.4.3. Setting attributes with a server-side script
4.4.4. Net groups
4.5. Roles, folders and services
4.5.1. Roles
4.5.2. Searching
4.5.3. Folders
4.5.4. Services
4.6. Components
4.6.1. Administration access
4.6.2. Client command
4.6.3. FTP proxy
4.6.4. ICMP access
4.6.5. IP access
4.6.6. Log access
4.6.7. Reverse IP access
4.6.8. Server command
4.6.9. Share access
4.6.10. File access
4.6.11. User Message
4.6.12. Web access
4.6.13. RDP access
4.6.14. Capabilities
4.7. Satellites
4.7.1. How satellites work
4.7.2. The AppGate Satellite hardware
4.7.3. Virtual AppGate Satellites
4.7.4. Deployment
4.7.5. Network Address Translation
4.7.6. Name resolution
4.7.7. Direct access rules
4.7.8. Other routing issues
4.7.9. Troubleshooting
4.7.10. Managing satellites
4.7.11. Satellite status
4.8. Monitor and Status
4.8.1. Active Sessions
4.8.2. System status screen
4.8.3. Notifications
4.8.4. Actions
4.8.5. Monitoring conditions
4.9. Client Configuration
4.9.1. Configuration file
4.9.2. Device Firewall rules
4.9.3. Mobile Client Configuration
4.10. System Maintenance
4.10.1. Firewall
4.10.2. Backup & Restore
4.10.3. Connection Settings
4.10.4. File transfer
4.10.5. License Management
4.10.6. Local Print
4.10.7. Logging
4.10.8. File System Manager
4.10.9. File System Manager (conversion mode)
4.10.10. Software Update
4.10.11. SSL Access
4.10.12. Time Synchronization
4.11. Network/Cluster Management
4.11.1. Destinations
4.11.2. Systems
4.11.3. IP Tunneling pools
4.11.4. Load balancing
4.11.5. Clustering
4.12. Command line administration
4.12.1. File locations
4.12.2. Updating the database with ag_visdb
4.12.3. Using sdb_query to examine database
4.12.4. Using licadmin to manage licenses
4.12.5. The pico editor
5. Customization
6. Traffic Capture
6.1. Introduction
6.2. Port Forward
6.2.1. TCP socket basics
6.2.2. Port forward and TCP sockets
6.2.3. Port forward and 127.0.0.x
6.3. Web Access
6.4. IP Tunneling
6.4.1. IP Networks used for IP tunneling
6.4.2. Name resolution
6.4.3. Performance Considerations
6.4.4. Connecting to multiple AppGate servers
6.5. Hostname resolution
7. AppGate Logging
7.1. Background
7.1.1. Time zone issues
7.1.2. Log severities
7.1.3. Log files
7.1.4. Log rotation
7.2. Graphical interface to logs
7.2.1. Logs information panel
7.2.2. Log panels
7.2.3. Live panel
7.2.4. Events selection panel
7.2.5. Event list panel
7.2.6. Sessions selection panel
7.2.7. Session list panel
7.2.8. User selection panel
7.2.9. User report panel
7.2.10. Roles/services report selection panel
7.2.11. Roles/services list panel
7.2.12. Role and service report panel
7.2.13. Graph selection panel
7.2.14. Graphs panel
7.3. Exporting logs and reports as CSV-files
7.4. Command line tools
7.4.1. logcat
7.4.2. loggen
7.4.3. ag_log_snarf
8. AppGate Licensing
8.1. License Management
8.2. licadmin
9. Single Sign On features
9.1. HTTP based authentication
9.2. Web Agents Overview
9.3. Web agents details
9.3.1. Example
10. Local Print
10.1. How it works
10.2. Configuration
10.2.1. Printing PDF-files and other document types
10.2.2. Case sensitive user names
10.2.3. Maximum number of connections
11. Troubleshooting and System Recovery
11.1. Troubleshooting an unresponsive system
11.1.1. Baseline testing
11.2. Reset the system to Factory defaults
11.2.1. The GRUB menu
11.2.2. Factory default shell
11.3. Howtos
11.3.1. Getting debug files from the web proxy or SSL gateway
11.3.2. Provide a siteinfo
11.3.3. Capture debug output from the AppGate Client
11.3.4. Getting debug files from the RDP proxy
12. Reference
12.1. Web access
12.1.1. How to filter URLs
12.1.2. How Web Access works
12.1.3. AGUSER header
12.1.4. Technical Details
12.1.5. Benefits of the web proxy
12.2. Programs and daemons
12.2.1. Programs
12.2.2. Daemons
12.2.3. Configuration files
12.3. The Database
12.3.1. Defining Components
12.3.2. sdbmeta.db
12.4. Attributes
12.4.1. Attributes set by the AppGate client
12.4.2. Attributes set by the AppGate server
12.5. IP Filter
12.5.1. IP Filter configuration
12.5.2. IP traffic logging
12.5.3. NAT configuration
12.5.4. For further information...
12.6. SNMP Traps
12.7. IP filter reference
12.7.1. IP Filter grammar in BNF
12.7.2. IP Filter tools
12.8. Logcat reference
12.9. Loggen reference
12.10. ag_cfggetset reference
12.10.1. Synopsis
12.10.2. Description
12.10.3. Options
12.10.4. BNF
12.10.5. Examples
12.11. Ag_dbadmin reference
12.11.1. Synopsis
12.11.2. Description
12.11.3. Formal DTD
12.12. Regular Expressions Reference
12.13. Device Firewall rule syntax
12.13.1. Version
12.13.2. Summary of High-Level Rules
12.13.3. Macros
12.13.4. Low-Level Rule Syntax
12.13.5. High-Level Rule Expansion
12.13.6. "opt" settings
12.13.7. ICMP types and codes
12.14. IP Tunneling - Additional configuration
12.15. Hardware Platforms
12.15.1. AppGate A1 and A2 - The Sun V100 based servers.
12.15.2. AppGate A4 - The Sun V210 based servers.
12.15.3. Connecting to the Serial Console on the A1, A2 & A4
12.15.4. AppGate Ax1 and Ax2 on Sun x2100 based servers.
12.15.5. AppGate Ax1 and Ax2 on Sun x2100m2 based servers.
12.15.6. AppGate Ax1 on Dell PowerEdge R210 based servers.
12.15.7. AppGate Ax2 on Dell PowerEdge R410 based servers.
12.15.8. AppGate Ax4 on Sun X4100 and x4100m2 based servers.
12.15.9. AppGate Ax4 on Sun X4140 and x4240 based servers.
12.15.10. AppGate Ax4 on Dell PowerEdge R610 based servers.
12.15.11. Disk mirroring
13. Copyright Notices
13.1. CrystalSVG icons from KDE
13.2. curl
13.3. GLIB
13.4. ipfilter
13.5. javahelp
13.6. jgraph
13.7. Java 2 SE Runtime Environment
13.8. Java Service Wrapper
13.9. libident
13.10. OpenLDAP
13.11. OpenSSH
13.12. OpenSSL
13.13. prngd
13.14. Swing
13.15. tun
13.16. UCD-SNMP
13.17. zlib
13.18. ProperJavaRDP
13.19. Log4j
13.20. GNU Getopt for Java
13.21. GNU Lesser General Public License
13.22. GNU General Public License
13.23. Apache License, Version 2.0
Index

List of Figures

2.1. An AppGate session
4.1. Tree structure in database
4.2. Firewall example network
6.1. TCP connections involved in a Port forward
6.2. TCP connections involved in a web access
6.3. Proxy ARP example
6.4. Routed example
10.1. Local print data flow
12.1. The Back Panel of the V100
12.2. The Back Panel of the V210
12.3. The Back Panel of the x2100
12.4. The Back Panel of the x2100m2
12.5. The Back Panel of the R210
12.6. The Back Panel of the R410
12.7. The Back Panel of the x4100 and x4100m2
12.8. The Back Panel of the x4140
12.9. The Back Panel of the x4240
12.10. The Back Panel of the R610

List of Tables

3.1. Feature support matrix
3.2. Authentication methods supported on each operating system
3.3. Client features vs deployment method
3.4. Supported operations
3.5. Rules for merging configuration options of an AppGate client
3.6. Client configuration options
3.7. Included applications
4.1. Predefined attributes
4.2. RDP Client Selection
4.3. Mobile client provisioning parameters
6.1. Hostname resolution with port forwarding
6.2. Hostname resolution with IP Tunneling
7.1. Log event CSV definition
7.2. Sessions list CSV definition
7.3. Roles/Services report CSV definition
7.4. Role/Service report CSV definition
12.1. The correct values for all settings in this window are as shown below.