AppGate Security Server

Version 9.1.4

AppGate and MindTerm are trademarks of AppGate Network Security AB. Other brands and product names may be trademarks of their respective companies or organizations.

The contents of this document are subject to revision and can be changed without notice. AppGate Network Security AB shall have no liability for any error or damage resulting from the usage of this document.


Table of Contents

1. About this guide
1.1. Who Should Use This Guide
2. Functional Overview
2.1. Introduction
2.2. An AppGate Session
2.2.1. Starting a client
2.2.2. Session establishment
2.2.3. Account establishment
2.2.4. Authentication
2.2.5. Attributes
2.2.6. Client Check
2.2.7. Authorization
2.2.8. Role selection
2.2.9. Service presentation
2.2.10. Service activation
2.2.11. Session termination
2.3. Features
2.4. FIPS mode
2.5. Integration with the network infrastructure
2.5.1. Firewall considerations
2.5.2. Routing considerations
3. Clients
3.1. Client Overview
3.1.1. AppGate Client
3.1.2. AppGate Connect and Applet
3.1.3. AppGate Mobile client
3.1.4. Clients for Citrix and Terminal Servers
3.1.5. Operating System support of AppGate clients
3.1.6. AppGate IP Tunneling Driver
3.1.7. AppGate Hosts File Writer
3.1.8. AppGate Device Firewall
3.1.9. Deployment of AppGate clients
3.2. Client Installation
3.2.1. Installation on Windows
3.2.2. Installation on Mac OS X
3.2.3. Installation on Solaris
3.2.4. Installation on Linux
3.2.5. Installation From the Web Server
3.2.6. AppGate IP Tunneling Driver Installation
3.2.7. AppGate Hosts File Writer Installation
3.2.8. Repackaging the AppGate clients
3.2.9. Over the air provisioning of mobile clients
3.3. Client Usage
3.3.1. Launching clients
3.3.2. Open connection dialog
3.3.3. First time connection
3.3.4. The connection process
3.3.5. Roaming (Suspend/Resume)
3.3.6. Selecting a role
3.3.7. Starting services
3.3.8. Disconnecting
3.3.9. File access
3.3.10. Advanced features
3.3.11. Local print
3.3.12. TCP forwarding proxy
3.3.13. Host certificate considerations
3.3.14. Using certificate authentication
3.3.15. Share access considerations
3.4. Client configuration
3.4.1. Configuration files
3.4.2. Notes on some advanced configuration options
3.4.3. Configuring AppGate Applet
3.4.4. IP Tunneling configuration
3.5. Using other clients
3.5.1. Starting a server command automatically
3.6. AppGate USB client
3.6.1. How it works
3.6.2. How to clear the encrypted area
3.6.3. How to recognize
3.6.4. Included applications
4. Administration
4.1. Using AppGate Console
4.1.1. Database issues
4.1.2. General System/Cluster Status
4.1.3. Run commands
4.2. User accounts
4.2.1. Local accounts
4.2.2. LDAP/AD
4.2.3. Virtual User Accounts
4.3. Authentication Methods
4.3.1. Certificate
4.3.2. Password
4.3.3. Radius
4.3.4. SecurID
4.3.5. PublicKey
4.3.6. Kerberos
4.3.7. Chained
4.4. Access rules
4.4.1. Access rules
4.4.2. Client checks
4.4.3. Setting attributes with a server-side script
4.4.4. Netgroups
4.5. Roles, folders and services
4.5.1. Roles
4.5.2. Searching
4.5.3. Folders
4.5.4. Services
4.6. Components
4.6.1. Administration access
4.6.2. Client command
4.6.3. FTP proxy
4.6.4. ICMP access
4.6.5. IP access
4.6.6. Log access
4.6.7. Reverse IP access
4.6.8. Server command
4.6.9. Share access
4.6.10. File access
4.6.11. User Message
4.6.12. Web access
4.6.13. RDP access
4.6.14. Capabilities
4.7. Monitor and Status
4.7.1. Active Sessions
4.7.2. Satellite view
4.7.3. System status screen
4.7.4. Actions
4.7.5. Monitoring conditions
4.8. Client Configuration
4.8.1. Configuration file
4.8.2. Device Firewall rules
4.8.3. Mobile Client Configuration
4.8.4. Satellites
4.8.5. Satellite Configuration
4.9. System Maintenance
4.9.1. Firewall
4.9.2. Backup & Restore
4.9.3. Connection Settings
4.9.4. File transfer
4.9.5. License Management
4.9.6. Local Print
4.9.7. Log Levels
4.9.8. Mail Settings
4.9.9. File System Manager
4.9.10. File System Manager (conversion mode)
4.9.11. Software Update
4.9.12. SSL Access
4.9.13. Time Synchronization
4.10. Network/Cluster Management
4.10.1. Destinations
4.10.2. Systems
4.10.3. IP Tunneling pools
4.10.4. Load balancing
4.10.5. Clustering
4.11. Command line administration
4.11.1. File locations
4.11.2. Updating the database with ag_visdb
4.11.3. Using sdb_query to examine database
4.11.4. Using licadmin to manage licenses
4.11.5. The pico editor
5. Customization
6. Traffic Capture
6.1. Introduction
6.2. Port Forward
6.2.1. TCP socket basics
6.2.2. Port forward and TCP sockets
6.2.3. Port forward and 127.0.0.x
6.3. Web Access
6.4. IP Tunneling
6.4.1. IP Networks used for IP tunneling
6.4.2. Name resolution
6.4.3. Performance Considerations
6.5. Hostname resolution
7. AppGate Logging
7.1. Background
7.1.1. Time zone issues
7.1.2. Log severities
7.1.3. Log files
7.1.4. Log rotation
7.2. Graphical interface to logs
7.2.1. Logs information panel
7.2.2. Log panels
7.2.3. Live panel
7.2.4. Events selection panel
7.2.5. Event list panel
7.2.6. Sessions selection panel
7.2.7. Session list panel
7.2.8. User selection panel
7.2.9. User report panel
7.2.10. Roles/services report selection panel
7.2.11. Roles/services list panel
7.2.12. Role and service report panel
7.2.13. Graph selection panel
7.2.14. Graphs panel
7.3. Exporting logs and reports as CSV-files
7.4. Command line tools
7.4.1. logcat
7.4.2. loggen
7.4.3. ag_log_snarf
7.5. Automatic actions and remote logs
7.5.1. Alarms
7.5.2. Sending logs to a remote server
7.5.3. Use logs to trigger command execution
8. AppGate Licensing
8.1. License Management
8.2. licadmin
9. Single Sign On features
9.1. HTTP based authentication
9.2. Web Agents Overview
9.3. Web agents details
9.3.1. Use cases
9.4. The ident protocol
10. Local Print
10.1. How it works
10.2. Configuration
10.2.1. Printing PDF-files and other document types
10.2.2. Case sensitive user names
10.2.3. Maximum number of connections
11. Troubleshooting and System Recovery
11.1. Troubleshooting an unresponsive system
11.1.1. Baseline testing
11.2. Reset the system to Factory Defaults
11.2.1. The GRUB menu
11.2.2. Factory defaults menu
12. Reference
12.1. Programs and daemons
12.1.1. Programs
12.1.2. Daemons
12.1.3. Configuration files
12.2. The Database
12.2.1. Defining Components
12.2.2. sdbmeta.db
12.3. Attributes
12.3.1. Attributes set by the AppGate client
12.3.2. Attributes set by the AppGate server
12.4. IP Filter
12.4.1. IP Filter configuration
12.4.2. IP traffic logging
12.5. SNMP Traps
12.6. IP filter reference
12.6.1. IP Filter grammar in BNF
12.6.2. IP Filter tools
12.7. Logcat reference
12.8. Loggen reference
12.9. ag_cfggetset reference
12.9.1. Synopsis
12.9.2. Description
12.9.3. Options
12.9.4. BNF
12.9.5. Examples
12.10. Ag_dbadmin reference
12.10.1. Synopsis
12.10.2. Description
12.10.3. Formal DTD
12.11. Regular Expressions Reference
12.12. Device Firewall rule syntax
12.12.1. Version
12.12.2. Summary of High-Level Rules
12.12.3. Macros
12.12.4. Low-Level Rule Syntax
12.12.5. High-Level Rule Expansion
12.12.6. "opt" settings
12.12.7. ICMP types and codes
12.13. IP Tunneling - Additional configuration
12.14. Hardware Platforms
12.14.1. AppGate A1 and A2 - The Sun V100 based servers.
12.14.2. AppGate A4 - The Sun V210 based servers.
12.14.3. Connecting to the Serial Console on the A1, A2 & A4
12.14.4. AppGate Ax1 and Ax2 on Sun x2100 based servers.
12.14.5. AppGate Ax1 and Ax2 on Sun x2100m2 based servers.
12.14.6. AppGate Ax4 on Sun X4100 and x4100m2 based servers.
12.14.7. AppGate Ax4 on Sun X4140 and x4240 based servers.
12.14.8. Disk mirroring
13. Copyright Notices
13.1. CrystalSVG icons from KDE
13.2. curl
13.3. GLIB
13.4. ipfilter
13.5. javahelp
13.6. jgraph
13.7. Java 2 SE Runtime Environment
13.8. Java Service Wrapper
13.9. libident
13.10. OpenLDAP
13.11. OpenSSH
13.12. OpenSSL
13.13. pidentd
13.14. prngd
13.15. Swing
13.16. tun
13.17. UCD-SNMP
13.18. zlib
13.19. ProperJavaRDP
13.20. Log4j
13.21. GNU Getopt for Java
13.22. GNU Lesser General Public License
13.23. GNU General Public License
13.24. Apache License, Version 2.0
Index

List of Figures

2.1. An AppGate session
4.1. Tree structure in database
4.2. Network diagram for the Secure Mobile Office solution
4.3. Firewall example network
6.1. TCP connections involved in a Port forward
6.2. TCP connections involved in a web access
6.3. Proxy ARP example
6.4. Routed example
10.1. Local print data flow
12.1. The Back Panel of the V100
12.2. The Back Panel of the V210
12.3. The Back Panel of the x2100
12.4. The Back Panel of the x2100m2
12.5. The Back Panel of the x4100 and x4100m2
12.6. The Back Panel of the x4140
12.7. The Back Panel of the x4240

List of Tables

3.1. Feature support matrix
3.2. Authentication methods supported on each operating system
3.3. Client features vs deployment method
3.4. Supported operations
3.5. Rules for merging configuration options of an AppGate client
3.6. Client configuration options
3.7. Included applications
4.1. Predefined attributes
4.2. RDP Client Selection
4.3. Mobile client provisioning parameters
6.1. Hostname resolution with port forwarding
6.2. Hostname resolution with IP Tunneling
7.1. Log event CSV definition
7.2. Sessions list CSV definition
7.3. Roles/Services report CSV definition
7.4. Role/Service report CSV definition
12.1. The correct values for all settings in this window are as shown below.