Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Secure Gateway questions

Status
Not open for further replies.
primate

primate

IS-IT--Management
Jan 6, 2003
123
GB
Hi,

I've been thinking about deploying secure gateway to provide remote access to my metaframe server farm. I'mve been setting up Secure Gateway in my home lab and have run into a couple of problems/questions that I can't figure out.

Firstly am I right in understanding that secure gateway only secures the flow of data between itself and the client and also provides a secure logon?

If that is so how do I secure the session between the web interface server and the metaframe server? Do I use SSL relay for this?

Secondly I only want clients to be able to connect to the web interface login site via https: so I only have to open port 443 on my firewall (apologies if this is more of an IIS question) but whenever I type in I get a connection but https: changes to http:

I've tried specifying in the directory security settings for IIS that only secure communications should be allowed but then I am greeted with "This page must be viewed over a secure connection" even though I am using https:// in the address. Any ideas?
 
Sort by date Sort by votes
Your understanding is right.

You secure the session between the web interface and the server by using SSL and/or in combination with RSA token authentication.

You will have to get a temporary SSL certificate from Verisign or some other SSL certificate vendor for your test lab to fully test it using (This is an IIS question).

Be sure to read through the Web Interface Administration Guide. This guide assumes you know a little IIS; that is why you are having these problems.
 
Upvote 0 Downvote
OK Thanks for the feedback, I have read the Web Interface guide and I do know a reasonable amount of IIS, I've not seen this problem before hence raising the question here but I must be having a slow day, I think I'll save that problem for later.

On to SSL relay - Since STA is bound to port 443 on the Metaframe box I've assigned the SSL relay service to use port 444 as both services are on the same box.

On the web interface box I've set the XML service port to 8081 (which is what its set to on the Metaframe box), the Transport type to SSL relay and the SSL server port to 444.

Whenever I try to connect from a client box when SSL relay is enabled on the Web interface box I get the following error:

"ERROR: The Citrix MetaFrame servers cannot process your request at this time. An SSL Relay connection could not be established: The proxy could not connect to hl-dc01.uk.testing.org port 8,081"

I must have generated and issued my certificates correctly or the Secure Gateway wouldn't work would it?

Can I use the same certificate for Secure Gateway and the SSL relay service? (Can't think why not)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mattmontalto
  • Locked
  • Question
MS Threat Management Gateway Alternative
Replies
0
Views
124
mattmontalto
mattmontalto
arell12
  • Locked
  • Question
Secure Gateway and MS Threat Management Gateway
Replies
0
Views
78
arell12
arell12
BbkKnight
  • Locked
  • Question
How to Add a Disclaimer to the Access Gateway Enterprise Edition
Replies
0
Views
68
BbkKnight
BbkKnight
mploug
  • Locked
  • Question
Citrix Access Gateway redirect loop in IE9
Replies
0
Views
52
mploug
mploug
bizhelp
  • Locked
  • Question
iPad + metaframe 4.5 + web interface 4.6 + secure gateway 3.0
Replies
0
Views
64
bizhelp
bizhelp

Part and Inventory Search

Sponsor

Back
Top