Security Server Configuration
Connections are defined socket-to-socket paths through the Security Server. A listening port on the secure side is configured as well as a corresponding host side IP address and port number. Up to 64 Connections may be defined per server. The number of Clients per connection is not limited except where defined in the Connection configuration or BlueZone Concurrent License limitations.
Right-click on the Connections icon in the Tree View panel and select Create or click the Create Connection icon on the ToolBar.
In the Connection Name edit box, enter a name for the Connection.
In the Client TCP Port edit box, choose a "unique" port number on which Security Server will listen for client connections. This number should be greater than 1024.
Example: 2023
In the Host Address edit box, enter the IP address or DNS Name of the host system.
In the Host TCP Port edit box, enter the TCP port on which the host system listens for Telnet connections.
In the Connection Limit edit box, enter the number of connections or concurrent users allowed on this connection. Client connection attempts beyond the Connection Limit set here are refused. The default of 10000 indicates that you want to provide the maximum number of concurrent users on this connection.
From the TCP/IP Binding list box, select a Binding using the name that was entered in the Binding Configuration dialog.
Check the Enable Inactivity Disconnect check box to enable a timer used to disconnect users who have not sent or received any data during the timer interval. Set the timer interval in the Timer in Minutes edit box.
Check the Active on Startup check box if you want the Connection to start automatically when the server is started. If left unchecked, the Connection must be started manually after the server is started.
TIP Connections are usually set to Active on Startup. Typically only "test" Connections and Connections that you specifically want to control manually are not set to Active on Startup.
Select the protocol from the Protocol list box.
Select Telnet for BlueZone emulator clients or any other persistent, single socket protocol.
NOTE Selecting Telnet enables the Telnet Options button. There is one option that can be configured here.
Telnet Options ---- Allows you to set a "Keep Alive" timer that can be set in minutes. It works by sending Keep Alive packets when the client is inactive for the specified period.
Enable Keep Alive: This option is off by default.
Timer in Minutes: Set the desired number of minutes of inactivity after which the "keep alive" will be sent to the client.
Select FTP for BlueZone Secure FTP connections or any other SSL enabled FTP client.
NOTE Selecting FTP enables the FTP Options button. There are two options that can be configured here.
FTP Data Port --- You have the option of choosing any available data port (default) or a range of data ports. When the Security Server is located behind a Firewall, it may be necessary to choose a specific port or a range of ports that will be used as the FTP data port, and configure the Firewall to use that specific port or range of ports for FTP data.
Use Any Available Port: This is the default option.
Use a Specific Port Range: Enter the desired range to use. If you want to configure a specific port, place the same port number in both boxes.
PASIV IP Address ---- This feature allows you to use the IP address that is specified in the Security Server's binding configuration (default), or you can specify the IP address to use when negotiating a "passive mode" connection. This feature is necessary when the Security Server is located behind a Firewall and Network Address Translation (NAT) is being used. Normally, the device that is performing the NAT will handle the translation of the IP address from public to private, and private to public. However, when you are using the Security Server to provide an SSL encrypted FTP session, the NAT device will not be able to translate the IP address because it is encrypted. Therefore, it is necessary to provide the IP address of the NAT device back to the client.
Use Binding Address: This is the default option.
Use a Custom Address: Enter the IP address of the device that is performing the Network Address Translation (NAT).
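The FTP Data Port and PASIV IP Address options above, shown as an added Python example (not BlueZone code and not part of the original documentation): it picks a data port from a configured range, builds the RFC 959 passive-mode reply for each address choice, and parses it the way a client would. The addresses, port range and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: addresses a client on the Internet cannot route to.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def choose_data_port(first, last, in_use=()):
    """Pick the lowest free port in the configured range (first == last means one fixed port)."""
    if not 1 <= first <= last <= 65535:
        raise ValueError("invalid port range")
    for port in range(first, last + 1):
        if port not in in_use:
            return port
    raise RuntimeError("no free data port in the configured range")

def pasv_reply(advertised_ip, port):
    """Format the RFC 959 reply to PASV: four address octets, then the port as two bytes."""
    octets = str(ipaddress.IPv4Address(advertised_ip)).split(".")
    return "227 Entering Passive Mode ({},{},{},{},{},{})".format(*octets, port >> 8, port & 0xFF)

def parse_pasv(reply):
    """Client side: recover the address and port to open the data connection to."""
    inner = reply[reply.index("(") + 1:reply.index(")")]
    nums = [int(n) for n in inner.split(",")]
    if len(nums) != 6 or not all(0 <= n <= 255 for n in nums):
        raise ValueError("malformed 227 reply")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def reachable_from_internet(ip):
    """True if the address is outside the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in RFC1918)

# Constructed sample values (not from the product documentation).
BINDING_ADDRESS = "10.0.0.5"      # private address the server is bound to
NAT_ADDRESS = "203.0.113.10"      # public address of the NAT device (documentation range)
PORT_RANGE = (50000, 50009)       # the same range must be opened on the firewall

if __name__ == "__main__":
    port = choose_data_port(*PORT_RANGE, in_use={50000})
    for label, ip in (("Use Binding Address", BINDING_ADDRESS),
                      ("Use a Custom Address", NAT_ADDRESS)):
        reply = pasv_reply(ip, port)   # travels inside SSL, so the NAT device cannot rewrite it
        host, data_port = parse_pasv(reply)
        print(f"{label}: {reply} -> client dials {host}:{data_port}, "
              f"reachable={reachable_from_internet(host)}")
```

With the binding address the client is told to dial a private address it cannot reach; with the custom address it dials the NAT device on a port inside the range the firewall forwards.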
Select HTTP for browser connections when using BlueZone Security Server for HTTPS Off-load.
NOTE Selecting HTTP enables the HTTP Options button. There is one option that can be set here.
HTTP Options ---- Allows you to include the connecting client computer's IP address in the request header for all inbound HTTP requests, and add custom header text. Some FTP hosts require the IP address of the incoming request.
Add Client IP Address Request Header: Enable if you want to use this option.
Header Text: Enter the desired text that you want to be included in the HTTP header. If you do not include a colon, one will be appended for you. The text should not include any spaces.
The Address Resolution radio buttons provide selections to Resolve Once, or Resolve at Connect.
Resolve Once (Recommended) stores the resolved IP address for use during subsequent connection attempts. Client connections will be faster using this setting, because the IP address does not need to be resolved each time.
Resolve at Connect resolves the IP address each time the Security Server attempts to make a connection.
Configure the Security Settings by selecting the Client Security and the Host Security tabs.
Configure the Hot Backup and Load Balancing settings by selecting the Host List tab.
Configure SOCKS5 Proxy by selecting the Host List tab.
Configure the connection buffers by selecting the Buffers tab.