AppGate Security Server

Version 8.2.3

AppGate and MindTerm are trademarks of AppGate Network Security AB. Other brands and product names may be trademarks of their respective companies or organizations.

The contents of this document are subject to revision and can be changed without notice. AppGate Network Security AB shall have no liability for any error or damage resulting from the usage of this document.


Table of Contents

1. About this guide
1.1. Who Should Use This Guide
2. Functional Overview
2.1. Introduction
2.2. An AppGate Session
2.2.1. Starting a client
2.2.2. Session establishment
2.2.3. Account establishment
2.2.4. Authentication
2.2.5. Attributes
2.2.6. Client Check
2.2.7. Authorization
2.2.8. Role selection
2.2.9. Service presentation
2.2.10. Service activation
2.2.11. Session termination
2.3. Features
2.4. FIPS mode
2.5. Integration with the network infrastructure
2.5.1. Firewall considerations
2.5.2. Routing considerations
3. Clients
3.1. Client Overview
3.1.1. AppGate Client
3.1.2. AppGate Connect and Applet
3.1.3. AppGate Mobile client
3.1.4. Clients for Citrix and Terminal Servers
3.1.5. Operating System support of AppGate clients
3.1.6. AppGate IP Tunneling Driver
3.1.7. AppGate Hosts File Writer
3.1.8. AppGate Device Firewall
3.1.9. Deployment of AppGate clients
3.2. Client Installation
3.2.1. Installation on Windows
3.2.2. Installation on Mac OS X
3.2.3. Installation on Solaris
3.2.4. Installation on Linux
3.2.5. Installation From the Web Server
3.2.6. AppGate IP Tunneling Driver Installation
3.2.7. AppGate Hosts File Writer Installation
3.2.8. Repackaging the AppGate clients
3.2.9. Over the air provisioning of mobile clients
3.3. Client Usage
3.3.1. Launching clients
3.3.2. Open connection dialog
3.3.3. First time connection
3.3.4. The connection process
3.3.5. Roaming (Suspend/Resume)
3.3.6. Selecting a role
3.3.7. Starting services
3.3.8. Disconnecting
3.3.9. Advanced features
3.3.10. Local print
3.3.11. TCP forwarding proxy
3.3.12. Host certificate considerations
3.3.13. Entrust considerations
3.3.14. Using certificate authentication
3.3.15. Share access considerations
3.4. Client configuration
3.4.1. Configuration files
3.4.2. Notes on some advanced configuration options
3.4.3. Configuring AppGate Applet
3.4.4. IP Tunneling configuration
3.5. Using other clients
3.5.1. Starting a server command automatically
3.6. AppGate USB client
3.6.1. How it works
3.6.2. How to clear the encrypted area
3.6.3. How to recognize
3.6.4. Included applications
4. Administration
4.1. Using AppGate Console
4.1.1. Database issues
4.1.2. General System/Cluster Status
4.1.3. Run commands
4.2. Authentication methods
4.2.1. Certificate
4.2.2. Password
4.2.3. Radius
4.2.4. SecurID
4.2.5. Entrust
4.2.6. PublicKey
4.2.7. Kerberos
4.3. User accounts
4.3.1. Local accounts
4.3.2. Certificate
4.3.3. LDAP/AD
4.3.4. Radius
4.3.5. RSA ACE/Server
4.4. Access rules
4.4.1. Access rules
4.4.2. Client checks
4.5. Roles, folders and services
4.5.1. Roles
4.5.2. Searching
4.5.3. Folders
4.5.4. Services
4.6. Components
4.6.1. Administration access
4.6.2. Client command
4.6.3. FTP proxy
4.6.4. ICMP access
4.6.5. IP access
4.6.6. Log access
4.6.7. Reverse IP access
4.6.8. Server command
4.6.9. Share access
4.6.10. User Message
4.6.11. Web access
4.6.12. RDP access
4.6.13. Capabilities
4.7. Monitor and Status
4.7.1. Active Sessions
4.7.2. Satellite view
4.7.3. System status screen
4.7.4. Actions
4.7.5. Monitoring conditions
4.8. Client Configuration
4.8.1. Configuration file
4.8.2. Device Firewall rules
4.8.3. Mobile Client Configuration
4.8.4. Satellites
4.8.5. Satellite Configuration
4.9. System Maintenance
4.9.1. Firewall
4.9.2. Backup & Restore
4.9.3. Connection Settings
4.9.4. Exchange Synchronization
4.9.5. File transfer
4.9.6. License Management
4.9.7. Local Print
4.9.8. Log Levels
4.9.9. Mail Settings
4.9.10. Partition Manager
4.9.11. Software Update
4.9.12. SSL Access
4.9.13. Time Synchronization
4.10. Network/Cluster Management
4.10.1. Destinations
4.10.2. Systems
4.10.3. IP Tunneling pools
4.10.4. Load balancing
4.10.5. Clustering
4.11. Command line administration
4.11.1. File locations
4.11.2. Updating the database with ag_visdb
4.11.3. Using sdb_query to examine database
4.11.4. Using licadmin to manage licenses
4.11.5. The pico editor
5. Customization
6. Traffic Capture
6.1. Introduction
6.2. Port Forward
6.2.1. TCP socket basics
6.2.2. Port forward and TCP sockets
6.2.3. Port forward and 127.0.0.x
6.3. Web Access
6.4. IP Tunneling
6.4.1. IP Networks used for IP tunneling
6.4.2. Name resolution
6.4.3. Performance Considerations
6.5. Hostname resolution
7. AppGate Logging
7.1. Background
7.1.1. Time zone issues
7.1.2. Log severities
7.1.3. Log files
7.1.4. Log rotation
7.2. Graphical interface to logs
7.2.1. Logs information panel
7.2.2. Log panels
7.2.3. Live panel
7.2.4. Events selection panel
7.2.5. Event list panel
7.2.6. Sessions selection panel
7.2.7. Session list panel
7.2.8. User selection panel
7.2.9. User report panel
7.2.10. Roles/services report selection panel
7.2.11. Roles/services list panel
7.2.12. Role and service report panel
7.2.13. Graph selection panel
7.2.14. Graphs panel
7.3. Exporting logs and reports as CSV-files
7.4. Command line tools
7.4.1. logcat
7.4.2. loggen
7.4.3. ag_log_snarf
7.5. Automatic actions and remote logs
7.5.1. Alarms
7.5.2. Sending logs to a remote server
7.5.3. Use logs to trigger command execution
8. AppGate Licensing
8.1. License Management
8.2. licadmin
9. Single Sign On features
9.1. HTTP based authentication
9.2. Web Agents Overview
9.3. Web agents details
9.3.1. Use cases
9.4. The ident protocol
10. Local Print
10.1. How it works
10.2. Configuration
10.2.1. Printing PDF-files and other document types
10.2.2. Case sensitive user names
10.2.3. Maximum number of connections
11. Reference
11.1. Programs and daemons
11.1.1. Programs
11.1.2. Daemons
11.1.3. Configuration files
11.2. The Database
11.2.1. Defining Components
11.2.2. sdbmeta.db
11.3. Attributes
11.3.1. Attributes set by the AppGate client
11.3.2. Attributes set by the AppGate server
11.4. IP Filter
11.4.1. IP Filter configuration
11.4.2. IP traffic logging
11.5. SNMP Traps
11.6. IP filter reference
11.6.1. IP Filter grammar in BNF
11.6.2. IP Filter tools
11.7. Logcat reference
11.8. Loggen reference
11.9. ag_cfggetset reference
11.9.1. Synopsis
11.9.2. Description
11.9.3. Options
11.9.4. BNF
11.9.5. Examples
11.10. Ag_dbadmin reference
11.10.1. Synopsis
11.10.2. Description
11.10.3. Formal DTD
11.11. Regular Expressions Reference
11.12. Device Firewall rule syntax
11.12.1. Version
11.12.2. Summary of High-Level Rules
11.12.3. Macros
11.12.4. Low-Level Rule Syntax
11.12.5. High-Level Rule Expansion
11.12.6. "opt" settings
11.12.7. ICMP types and codes
11.13. IP Tunneling - Additional configuration
11.14. Hardware Platforms
11.14.1. AppGate A1 and A2 - The Sun V100 based servers
11.14.2. AppGate A4 - The Sun V210 based servers
11.14.3. Connecting to the Serial Console on the A1, A2 & A4
11.14.4. AppGate Ax1 and Ax2 on Sun x2100 based servers.
11.14.5. AppGate Ax1 and Ax2 on Sun x2100m2 based servers.
11.14.6. AppGate Ax4 on Sun X4100 and x4100m2 based servers.
11.14.7. AppGate Ax4 on Sun X4140 and x4240 based servers.
12. Copyright Notices
12.1. CrystalSVG icons from KDE
12.2. curl
12.3. GLIB
12.4. ipfilter
12.5. javahelp
12.6. jgraph
12.7. Java 2 SE Runtime Environment
12.8. Java Service Wrapper
12.9. libident
12.10. OpenLDAP
12.11. OpenSSH
12.12. OpenSSL
12.13. pidentd
12.14. prngd
12.15. Swing
12.16. tun
12.17. UCD-SNMP
12.18. zlib
12.19. ProperJavaRDP
12.20. Log4j
12.21. GNU Getopt for Java
12.22. GNU Lesser General Public License
12.23. GNU General Public License
12.24. Apache License, Version 2.0
Index

List of Figures

2.1. An AppGate session
4.1. Tree structure in database
4.2. Network diagram for the Secure Mobile Office solution
4.3. Firewall example network
6.1. TCP connections involved in a Port forward
6.2. TCP connections involved in a web access
6.3. Proxy ARP example
6.4. Routed example
10.1. Local print data flow
11.1. The Back Panel of the V100
11.2. The Back Panel of the V210
11.3. The Back Panel of the x2100
11.4. The Back Panel of the x2100m2
11.5. The Back Panel of the x4100 and x4100m2
11.6. The Back Panel of the x4140
11.7. The Back Panel of the x4240

List of Tables

3.1. Feature support matrix
3.2. Authentication methods supported on each operating system
3.3. Client features vs deployment method
3.4. Rules for merging configuration options of an AppGate client
3.5. Client configuration options
3.6. Included applications
4.1. Predefined attributes
4.2. RDP Client Selection
4.3. Mobile client provisioning parameters
6.1. Hostname resolution with port forwarding
6.2. Hostname resolution with IP Tunneling
7.1. Log event CSV definition
7.2. Sessions list CSV definition
7.3. Roles/Services report CSV definition
7.4. Role/Service report CSV definition
11.1. The correct values for all settings in this window are as shown below.