Skip to content

Security Proxy Server

The Security Proxy Server provides token-based access control and encrypted network traffic to and from user workstations.

After the Preliminary steps are completed, use this panel to import the settings from the Security Proxy Server to the Management and Security Server

Preliminary steps

Before you can import the settings, you must install the Security Proxy and configure some initial settings.

Refer to the Technical Reference, Using the Security Proxy Server , for details.

Next Step: Import Security Proxy settings

Import Security Proxy settings

After the Security Proxy is installed, configured, and started, import the Security Proxy settings to the Administrative Server.

  1. In the MSS Administrative Console, open Configure Settings - Security Proxy.

  2. Click +IMPORT.

  3. Enter the Server name of the computer on which you installed the Security Proxy Server.

    Note

    • The Security Proxy Server must be running when you import the settings.
    • The name you enter must match the common name on the security proxy certificate if client verification of server identity is enabled (the default setting). The Administrative Server verifies the security proxy server identity by comparing the common name on the proxy certificate to the name of the server itself. If the names do not match—for instance, you enter servername and the server certificate common name is servername.example.com—you may be able to import the certificate, but session connections through the proxy will fail when the client attempts to verify the server identity.
    • The Security Proxy server must trust the Administrative Server certificate. (See Preliminary Steps.)
  4. Enter the Monitor port. You can check the Security Proxy Monitor port number in the Security Proxy Wizard (Advanced Settings).

  5. Enter a name that clients would recognize. If a single proxy server name is always used, leave this field blank.

    In some cases, clients may need to access the security proxy using a different name than the one used to import the Security Proxy settings. For example, as administrator, your computer may access the Security Proxy through an internal network, but your end users may access the Security Proxy from outside the firewall and use a different proxy name. In this case, enter the name that the clients use in this field.

    When both names are entered, the MSS Administrative Server uses the first name to contact the Security Proxy and import its settings and certificate, and then displays the second name in the table on the Security Proxy panel and in the Terminal Session tool.

    Emulator sessions use the second name to contact the proxy. If any end users contact the Security Proxy using both proxy names, import the Security Proxy settings twice, and define separate sessions for each proxy name.

  6. Click IMPORT. After the Security Proxy settings are imported, the Security Proxy server is listed in the table with its details:

    Server name: The name of the server on which the security proxy is installed.

    Authorization: The status of client authorization on this server. Authorization is enabled by default.

    Monitor Port: The port on which the Security Proxy listens for incoming communication. Used when the Administrative Server contacts the proxy to get report information or to import the security settings. Usually 8080.

    Proxy Port: The port the emulator uses to open a secure connection to the Security Proxy.

    Supported Protocols: The protocols that are available on the Security Proxy. Each proxy can support emulation and/or FTP, or the Passthrough proxy (no TLS handshake, client/server authentication, or encryption).

    Destination: When client authorization is turned off, each Security Proxy port connects to one host. Set the destination host for this proxy port in the Security Proxy Wizard. When client authorization is on, one port can connect to multiple hosts.

    Friendly Name: The name of the server certificate used for this Security Proxy setting.

    Cipher Suite: The encryption algorithm used for this proxy port.

  7. Accept settings exported from Security Proxy Servers.

    When you use the Security Proxy Wizard to set up or change a Security Proxy, you can export information and certificates directly to the MSS Administrative Server over an HTTP connection. This information is not encrypted.

    Caution

    By default, the MSS Administrative Server supports only HTTPS. To export information and certificates to the Administrative Server, you need to first enable HTTP connection on the server. Contact Support for assistance.

    To use the automatic export in the Security Proxy Wizard, you must check this box.

Important

  • If you change settings on the Security Proxy, you must re-import them to MSS.
  • When you upgrade, open the Security Proxy Wizard, review the status of your Security Proxy servers, and click Save. This action synchronizes the Security Proxy server with the Management and Security Server.

Next step: Create and assign secure sessions

Create and assign secure sessions

After the trust between the Administrative Server and the Security Proxy is set, use Manage Sessions and Assign Access to create and assign secure sessions to authorized users.

For detailed steps, refer to Using the Security Proxy Server: