APROXY
This screen displays the current configuration information for the Advanced
Application Proxy. The administrator can modify the configuration
on this screen and then save the updates to the firewall. Modifications
will take effect when the Advanced Application Proxy is restarted.
Edit Button
Edit the config file directly rather than using this configuration
screen.
Directory which aproxy should run under
The directory for aproxy to change to and 'chroot' to before completing
a connection so as to provide an additional level of security. Do
not specify '/' since that defeats the purpose of this parameter.
Maximum idle time in seconds before disconnect
Number of seconds of idle time before aproxy closes a connection.
Turn trace on
Specifies whether trace should be turned on or not. This is for
debugging purposes only. aproxy should be run with trace off at all
times except when debug information is to be collected.
Permit/Deny Rules
This is the area where new permit/deny rules can be added and existing
permit/deny rules can be modified or removed. See Working
With a Rules Panel for more information.
Permit/Deny
Select 'permit' or 'deny' from this choice button.
From Address
The IP address from which a connection request is initiated. This
field, together with Local IP and Local Port, is compared to an
incoming connection request to determine if this rule applies.
If an incoming connection request matches all three fields (either exactly
or through wildcards), this rule will determine if the connection is to
be permitted or denied and, if permitted, where the destination server
is. The wildcard character '*' can be used by itself or as the last
character in an address to specify a range of IP addresses.
Local IP
The IP address on the firewall to which a connection request is addressed.
This field, together with From Address and Local Port, is compared to an
incoming connection request to determine if this rule applies. If an
incoming connection request matches all three fields (either exactly or
through wildcards), this rule will determine if the connection is to be
permitted or denied and, if permitted, where the destination server is.
On deny rules, the wildcard character '*' can be used by itself or as the
last character in an address to specify a range of IP addresses.
Wildcarded Local IP values are not supported in permit rules.
Local Port
The port number on the firewall to which a connection request is addressed.
This field, together with Local IP and From Address, is compared to an
incoming connection request to determine if this rule applies. If an
incoming connection request matches all three fields (either exactly or
through wildcards), this rule will determine if the connection is to be
permitted or denied and, if permitted, where the destination server is.
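The three-field match described under From Address, Local IP and Local Port,
as an added example that is not aproxy's own code. The dict layout, textual
prefix comparison for a trailing '*', '*' in the port field, first-match
ordering and the no-match result are all assumptions.

```python
# Added illustration: models the rule matching described in this help text.
# Rule layout, evaluation order and no-match result are assumptions.

def field_matches(pattern, value):
    """'*' alone matches anything; a trailing '*' matches by text prefix."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def validate_rule(rule):
    """Return a list of problems that the help text rules out."""
    problems = []
    if rule["action"] not in ("permit", "deny"):
        problems.append("action must be 'permit' or 'deny'")
    for name in ("from_addr", "local_ip"):
        if "*" in rule[name][:-1]:
            problems.append(f"{name}: '*' only alone or as last character")
    if rule["action"] == "permit" and "*" in rule["local_ip"]:
        problems.append("local_ip: wildcard not supported in permit rules")
    return problems


def evaluate(rules, from_addr, local_ip, local_port):
    """Return the first rule whose three fields all match, else None."""
    for rule in rules:
        if (field_matches(rule["from_addr"], from_addr)
                and field_matches(rule["local_ip"], local_ip)
                and field_matches(rule["local_port"], str(local_port))):
            return rule
    return None


# Constructed sample rules (documentation address ranges only).
RULES = [
    {"action": "deny", "from_addr": "203.0.113.*", "local_ip": "*", "local_port": "*"},
    {"action": "permit", "from_addr": "198.51.100.*", "local_ip": "192.0.2.1", "local_port": "8080"},
    # Invalid: a permit rule with a wildcarded Local IP.
    {"action": "permit", "from_addr": "*", "local_ip": "192.0.2.*", "local_port": "25"},
]

if __name__ == "__main__":
    for r in RULES:
        print(r["action"], r["from_addr"], validate_rule(r) or "ok")
    hit = evaluate(RULES, "198.51.100.7", "192.0.2.1", 8080)
    print(hit["action"] if hit else "no matching rule")
```

Under the textual-prefix assumption, a pattern such as 10.1* also matches
10.10.0.5, so ending the prefix on a dot (10.1.*) keeps the range on an octet
boundary.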
Dest IP
The IP address of the server to connect to when a connection request is
found to match this permit rule. This field is not active for deny
rules.
Dest Port
The port number on Dest IP to connect
to when a connection request is found to match this permit rule.
This field is not active for deny rules.
Using IP
The firewall local IP address that aproxy should use to initiate connections
to the server specified as Dest IP.
This field is optional. If not specified, the routing information
on the firewall will be used to set the local address for a server connection.
OOBA Port
This is the port that aproxy will connect to for out-of-band-authentication.
This field is optional. If it is blank, OOBA will not be used to
authenticate this permit rule.
IgnoreRST
This field is optional. If left blank, the IgnoreRST option is not
activated. If specified, it activates the IgnoreRST option and the
value specified becomes the number of seconds to sleep between retrying
a connection that returned a "connection reset" status.
Some TCP implementations return a "connection reset" status when the
server is busy. Normally, a "connection reset" terminates an aproxy
connection. The IgnoreRST option can be used to tell aproxy to keep
retrying a connection request if the return status is "connection reset".
userexit
This field is optional. If left blank, no user exits will be invoked
for connections permitted by this rule. A string representing a set
of user exits can be specified here to tell aproxy to invoke the exits
at pre-determined points in the data flow for each connection.
Taskbar Pulldown Menu
Task Buttons