14.3 Restoring Previous Security Settings for Access Gateway

14.3.1 Restoring the Previous Protocol Settings between Browsers and Access Gateway

  1. Download backup files from the /root/nambkup/mag <time stamp of upgrade>/conf folder.

    For information about how to download backup files, see Downloading Files from a Server in the NetIQ Access Manager 5.0 Administration Guide.

  2. Open the NovellAgSettings.conf file, search for SSLProtocol, and copy the value associated with it.

    For information about how to open and modify a file, see Modifying Configurations in the NetIQ Access Manager 5.0 Administration Guide.

  3. Click Devices > Access Gateways > Edit > Advanced Options and replace the following configuration with the value copied from NovellAgSettings.conf in step 2:

    SSLProtocol TLSv1.1 +TLSv1.2

14.3.2 Restoring the Previous Ciphers Settings between Browsers and Access Gateway

  1. Download the backup files from the /root/nambkup/mag <time stamp of upgrade>/conf folder.

    For information about how to download backup files, see Downloading Files from a Server in the NetIQ Access Manager 5.0 Administration Guide.

  2. Open the NovellAgSettings.conf file, search for SSL, and copy the value.

    For information about how to open and modify a file, see Modifying Configurations in the NetIQ Access Manager 5.0 Administration Guide.

  3. Click Devices > Access Gateways > Edit > Advanced Options and replace the following configuration with the value copied from NovellAgSettings.conf in step 2:

    SSLCipherSuite !aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:ALL:!EDH

    If NovellAgSettings.conf does not contain this line, delete this line in Access Gateway Advanced Options.
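
The following Python script is an added example, not NetIQ code. It reads a downloaded backup of NovellAgSettings.conf, works out the action that step 3 of 14.3.1 and 14.3.2 calls for, and lists any protocol older than TLS 1.2 that the restored SSLProtocol value would re-enable. It assumes the backup holds Apache-style directive lines in the form shown above and that the value follows mod_ssl's bare/+/- token syntax; the function names and the sample file content are constructed for illustration.

```python
import re

# Protocol names mod_ssl accepts in SSLProtocol; those below TLS 1.2 count as legacy.
# Assumption: "all" is expanded to this list (the real set depends on the build).
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

def find_directive(conf_text, name):
    """Return the value of the last uncommented `name` directive, or None if absent."""
    value = None
    for line in conf_text.splitlines():
        m = re.match(rf"\s*{re.escape(name)}\s+(\S.*)$", line, re.IGNORECASE)
        if m:
            value = m.group(1).strip()
    return value

def enabled_protocols(value):
    """Apply tokens left to right: a bare name replaces the set, '+' adds, '-' removes."""
    enabled = set()
    for token in value.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        names = set(KNOWN) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = set(names)
    return enabled

def restore_plan(conf_text):
    """Map each Advanced Options directive to the action the restore steps call for."""
    plan = {}
    proto = find_directive(conf_text, "SSLProtocol")
    if proto is not None:  # the page gives no instruction for a missing SSLProtocol
        legacy = sorted(enabled_protocols(proto) & LEGACY)
        plan["SSLProtocol"] = {"action": "replace", "value": proto, "legacy": legacy}
    ciphers = find_directive(conf_text, "SSLCipherSuite")
    # 14.3.2: when the backup has no SSLCipherSuite line, the line is deleted instead.
    plan["SSLCipherSuite"] = ({"action": "replace", "value": ciphers} if ciphers
                              else {"action": "delete"})
    return plan

# Constructed sample of a backed-up NovellAgSettings.conf (not from a real system).
SAMPLE_BACKUP = """\
# SSLProtocol all
SSLProtocol TLSv1 +TLSv1.1 +TLSv1.2
"""

if __name__ == "__main__":
    for directive, step in restore_plan(SAMPLE_BACKUP).items():
        print(directive, step)
```

A non-empty `legacy` list means the restored value brings back protocols below TLS 1.2 on the browser-facing side.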

14.3.3 Removing the Clickjacking Filter

In Access Gateway’s web.xml, comment out the following Tomcat filter configuration:

<filter>
    <filter-name>TomcatSameOriginFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>TomcatSameOriginFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

For information about how to open and modify a file, see Modifying Configurations in the NetIQ Access Manager 5.0 Administration Guide.

14.3.4 Removing HTTP Strict Transport Security

  1. Click Devices > Access Gateways > Edit > Advanced Options.

  2. Set the following option:

    SetStrictTransportSecurity off

  3. Restart Apache.

    /etc/init.d/novell-apache2 restart

    or

    rcnovell-apache2 restart