The administrator can now create a virtual IP pool, so that a user who logs in to zGateway is assigned a virtual IP based on the configuration done on the gateway. When the user accesses any application, the access goes through the virtual IP only.
The administrator can view IP pool utilization with the Pool Utilization button, which displays the used and unused IPs from the IP pool table.
LAN IP RANGE
LAN IP Range works in conjunction with Auto Configuration of Standard Applications (see the Application Management section earlier in this chapter) and makes it possible to configure standard services running on the corporate network. zGateway can automatically detect and list the services running on machines within a given subnet range. You can select a service from the list and register it with zGateway.
CREATE IP RANGE
In the management console, click Resources > LAN IP Range. The Create IP Range screen appears.
· Type the first IP address in the range in the Start IP Address field.
· Type the last IP address in the range in the End IP Address field.
NB: To specify a single address, enter the same IP in the Start IP Address and End IP Address fields. The IP range cannot exceed 100 hosts.
· Type the subnet mask in the Subnet Mask field. Type the range description in the Description field.
· Click Submit to include the new range in Auto Configuration of Standard Applications or click Cancel to clear all data from this screen.
The new range is added.
Important: The defined IP ranges are displayed in the Select IP Range list when you opt for Auto Configuration of Standard Applications on the Create Application screen.
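A pre-check for the Start IP Address, End IP Address and Subnet Mask values described above, written as an added example (it is not part of zGateway). It assumes the 100-host limit counts both endpoints and that a range should stay inside one subnet; `validate_lan_range` is a hypothetical helper name.

```python
import ipaddress

MAX_HOSTS = 100  # limit stated in this guide, read here as an inclusive count


def validate_lan_range(start, end, subnet_mask):
    """Check a Start IP / End IP / Subnet Mask triple before it is submitted.

    Returns a dict with the host count and any warnings; raises ValueError
    for a range that should not be entered at all.
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("End IP Address is lower than Start IP Address")

    count = int(last) - int(first) + 1  # same start and end means one host
    if count > MAX_HOSTS:
        raise ValueError(f"range holds {count} addresses, limit is {MAX_HOSTS}")

    # strict=False yields the subnet that contains the start address.
    network = ipaddress.IPv4Network(f"{start}/{subnet_mask}", strict=False)
    if last not in network:
        raise ValueError(f"{end} is outside {network}; the range spans subnets")

    warnings = []
    if network.prefixlen < 31:
        if first == network.network_address:
            warnings.append("range starts at the network address")
        if last == network.broadcast_address:
            warnings.append("range ends at the broadcast address")
    for addr in sorted({first, last}):
        if not addr.is_private:
            warnings.append(f"{addr} is not a private address; confirm it is on your LAN")
    return {"network": str(network), "hosts": count, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample values.
    print(validate_lan_range("192.168.10.10", "192.168.10.109", "255.255.255.0"))
```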
EDIT IP RANGE
· In the LAN IP Range screen, click on the check box for the IP Range you want to edit and click Modify. The Modify IP Range screen appears.
· Modify the details as needed.
· Click Submit to save changes or click Cancel to abort.
DELETE IP RANGE
· Click on the check box for the IP range(s) you want to delete. To select all, click on the Check all box below the table.
· Click Delete to delete the selected range(s).
· When prompted for deletion confirmation, click OK to delete the range(s) or click Cancel to abort.
SITE TO SITE
If you have installed more than one zGateway server in different locations, you can access all servers through one master server. This feature is called Site to Site VPN. For a Site to Site VPN setup you need to create a Machine user. After creating a Machine user, you will get a Machine user certificate. After you upload your root certificate and Machine user certificate (.PFX) to your master VPN server, all features configured on the slave server are available through the master VPN server.
To upload the remote certificate, follow the steps given below:
In the management console, click Resources > Site to Site. The Upload Remote Server Parameter screen appears.
Type the password for the Machine user account created on the other gateway in the Password field. It should be the same as the Machine user PFX certificate’s password.
Type the hostname of the other gateway in the Remote VPN Host Address field. Provide the CA certificate of the other VPN gateway.
Provide the SSL certificate of the Machine user from the other VPN gateway. The certificate should be in PFX format. Click Submit to upload the server parameters.
Access Filters are time-based restrictions that are associated with zGateway access control policies. Access Filters are applied to Access Control Lists to restrict user access to applications to specific times.
CREATE ACCESS FILTER
In the management console, click Resources > Access Filters. Click Add to specify a new access filter.
· Type the name for the filter in the Access Filter Name field.
· Click on the Time Zone drop-down arrow and select your time zone from the list.
· Set Start Time Hrs. and Min: by clicking on the drop-down arrows.
· Set End Time Hrs. and Min: by clicking on the drop-down arrows.
· Click Submit to create access filter or click on Reset to clear all data in the screen.
A success message confirms that the access filter is created.
EDIT ACCESS FILTER
In the management console, click Resources > Access Filters.
Click on the check box for the access filter you want to edit and click Modify. The Modify Access Filter screen appears. Modify the access filter data as needed.
Click Submit to save changes or click Reset to clear all data from the screen. Click Cancel to abort.
DELETE ACCESS FILTER
In the management console, click Resources > Access Filters.
Click on the check box for the access filter(s) you want to delete. To select all access filters, click on the Check all box below the table.
Click Delete to delete the selected access filter(s). If multiple access filters are selected, then all will be deleted.
When prompted for deletion confirmation, click OK to delete the filter(s) or click Cancel to abort.
In the management console, click Resources > Customize Portal to configure the Web Portal for your environment.
Title: Specify the title for the portal pages
Company Name: Set the company name to be displayed on portal pages
Message for Users: Set a message to be shown to users on the portal after login. You can set messages related to important events here.
Message for Inner Portal: Set a message to be shown to users on the portal before login. Typically this will be an authorization warning.
Show Copyright: Check this to disable copyright message at the bottom of the page.
Show ‘VPN Client Download’: Select this to show the download links for VPN client for desktops on the portal.
Show ‘Change Password’: Select this to provide change password option on the portal to users. Click on submit to confirm customization changes.
Edit web portal HTML file: The admin user can now change the web portal HTML and CSS files as per customer requirements.
Web portal Logo: Upload a new logo to be displayed on the portal. The logo should be a png file with dimensions around 180×40. Click on submit to save the new logo. File size shouldn’t exceed 500 KB.
Desktop client Logo: Upload a new logo to be displayed on the desktop client. The logo should be a bmp file with dimensions around 180×40. Click on submit to save the new logo. File size shouldn’t exceed 500 KB.
Desktop client Banner: Upload a new banner to be displayed on the desktop client. The banner should be a bmp file with dimensions around 373×85. Click on submit to save the new banner. File size shouldn’t exceed 500 KB.
EXTERNAL SSL CERTIFICATE
Rather than use the internal Certificate Authority, you can generate a Certificate Signing Request to submit to a recognized 3rd party CA such as VeriSign.
There are two steps involved:
1. Generate Certificate Signing Request (CSR)
2. Upload Certificates in PEM format
GENERATE CERTIFICATE SIGNING REQUEST (CSR)
· Country Name: Country Name (2 letter code), for example ‘US’ for the United States
· State or Province Name: State or Province Name (full name), for example [Georgia]
· Locality Name: Locality Name (e.g. City) – [Atlanta]
· Organization Name: Organization Name (e.g. company) – [My Company Ltd]
· Organization Unit Name: Organization Unit Name (e.g. section) – [QA]
· Common Name: Common Name (e.g. your name or your server’s hostname)
· Email Address: Your email address
· Key Length: Length of the key generated (e.g. 2048 will create key of length 2048)
· Click Submit to create the CSR.
DOWNLOAD PRIVATE KEY & CSR
Download the Private Key and keep the file safe for later.
Download the Certificate Signing Request and submit this to your chosen Certificate Authority in order to retrieve the digital certificate from them.
UPLOAD CERTIFICATES IN PEM FORMAT
NB. You need to change the zGateway server to Configuration State to perform this task.
Once your CSR has been returned you can complete the task. Click on the Upload Certificates in PEM format link.
Copy the certificate you received in .PEM format (it contains the public key).
Copy the optional root certificate, if any. If you have an intermediate CA certificate and a root CA certificate, copy both into the textbox. The intermediate CA certificate should be on top, followed by its root CA certificate.
Finally, copy the Private Key that was saved earlier. Click Submit.
If your certificate is successfully applied you will need to restart the server. Go to Host Maintenance > Shutdown/Restart and choose Restart VPN Appliance.
Network Configuration can be performed from within the management console as well as during the bootstrap stage. IP address, DNS and hosts file modifications can be made from the management console under Host Configuration > Network Configuration. It is also possible to create hosts file entries on the gateway to resolve names.
To add host entries for name resolution on the gateway, simply edit the hosts file by clicking the link.
The server’s routing table can be configured from within the management console under Host Configuration > Route Configuration. Static routes can be added and deleted from the server.
Route for a Network – Add route entry for a network segment.
Route for a Host – Add route entry for a host.
Persistent Route – If selected, the route entry will be persistent across reboots.
Destination – Target network/host.
Gateway – Gateway to reach target.
Netmask – Subnet mask. For host routes, it should be 255.255.255.255.
Metric – Cost of the route. The field can be left blank.
Select Interface – Routing Network Interface
Click Submit to complete the route configuration
If internal network resources are situated behind a proxy server, these proxy details can be specified from within the management console under Host Configuration > Proxy Server.
Type the new Proxy Server name in the New Proxy Server Name field. Type in a username and password for the Proxy server and click Submit.
SAML GLOBAL CONFIGURATION
The zGateway administrator can configure the Salesforce application on the zGateway server with SAML authentication, so that a user who logs in to the zGateway server is logged in to Salesforce automatically.
Configuration of Identity Provider on zGateway (ONE TIME):
1. Access zGateway Management Console
2. Go to SAML Global Configuration
3. Upload Certificate & Private Key
4. Set Gateway’s public address / IP.
5. Copy Identity Provider Login / Logout links to provide in Service Provider.
Configuration in Service Provider’s Admin Console:
1. Access the admin console of Service Provider and direct to SAML settings.
2. Enable SAML and generally, these minimum mandatory parameters are requested:
a. Public certificate (same as uploaded on zGateway SAML Global Configuration)
– can be file upload or fingerprint
b. Issuer (same as IDP)
– Current: “me”
c. Login Page (Identity Provider’s login)
– Current: “https://DNS/fes-bin/public/portal/websso.html?source=appName”
d. Logout Page (Identity Provider’s Logout)
– Current: “https://DNS/fes-bin/public/portal/logout.html?source=appName”
Some other information may be needed, but these are always requested.
Configuration in Identity Provider (AmZetta in this case):
1. Access zGateway Management Console
2. Go to Add Application.
3. Select HTTP / HTTPS Type Application
4. Select SSO Type “SAML based”
5. Fill the following details:
a. Pre-configured Service Provider
b. Login URL – SAML log in link provided by SP
c. Logout URL – SAML log out link provided by SP
d. audience – domain for which the assertion would be valid, provided by SP
e. issuer – same as provided in SP
Enter your SMTP server details for email integration. This allows the zGateway server to send enrollment emails to the end-users. This configuration is also required when OTP is sent by email.
In the management console, expand Host Configuration and select SMTP Server. The SMTP Server Details screen appears.
Type the new SMTP server name in the New SMTP Server Name field.
NB: SMTP server should allow anonymous email forwarding.
Type the SMTP server port number in the SMTP Server Port field.
If the SMTP server requires email authentication, please enable the check box and provide the SMTP username and password.
SMTP Email Sender – If the SMTP server security settings do not allow impersonating user email IDs, you need to specify here the email ID of the user whose username is set on this page for SMTP authentication. If no email ID is specified, the email ID of the logged in zGateway administrator will be used.
SMTP Client Hostname – This is the hostname sent by zGateway to SMTP server in Hello message. Unless the SMTP server has any specific requirements, leave this parameter as it is.
Click Submit to save or click Reset to clear all data from the screen.
Test Email Server Setting – Here the zGateway administrator can verify whether a test email can be sent from zGateway. Enter the user’s email ID and click on the Send Test Email button. If the email is sent successfully, the user receives the test email in his/her email account.
Administrator can edit the templates for zGateway automated emails for the following tasks:
· New Local Basic Users
· New Certificate (High Security) Users
· Reset Passphrase
Simply click on the relevant link to edit the email template.
The image below shows the default New Local User email template. Make any required changes and click Save to finish.
Administrator can configure SMS gateway details in zGateway server so that users can get their passphrase via SMS during successful user creation or if administrator resets the passphrase. Administrator can also modify the contents of SMS message. Also this SMS configuration is required for sending OTP through SMS.
You configure SMS settings in zGateway Management Console > Host Configuration > SMS Gateway
SMS Gateway URL – Enter the SMS Gateway URL
SMS Gateway Request Query – Enter the request query of your SMS Gateway. Keywords are: “USERNAME”, “PASSWORD”, “APIID”, “NUMBER” and “TEXT”. Don’t change the keywords; they will be replaced by the actual values.
SMS Gateway APIid – Enter the APIid of your SMS Gateway. This will replace the APIID in SMS Gateway query.
SMS Gateway Username – Enter the username of your SMS Gateway. This will replace the USERNAME in SMS Gateway query.
SMS Gateway Password – Enter the Password of your SMS Gateway. This will replace the PASSWORD in SMS Gateway query.
SMS Gateway Success Response – Enter the SMS Gateway success response here, so that zGateway can identify whether the SMS has been sent.
Test SMS Gateway Setting – Here the zGateway administrator can verify whether a test SMS can be sent from zGateway. Enter the user’s mobile number and click on the Send Test SMS button. If the SMS is sent successfully, the user receives the test SMS on his/her mobile number.
Text sent to local users – Enter the text message that will be sent to local users. Keywords are: “USERNAME”, “PASSWORD”. These keywords will be replaced by the actual values.
Text sent to Certificate user – Enter the text message that will be sent to certificate users. Keywords are: “USERNAME”, “PASSPHRASE”. These keywords will be replaced by the actual values.
Text sent on reset passphrase – Enter the text message that will be sent on reset of passphrase. Keywords are: “USERNAME”, “PASSPHRASE”. These keywords will be replaced by the actual values.
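The keyword substitution described for the SMS Gateway Request Query and the SMS text templates, as an added example (not zGateway's own code). It assumes the query is appended to the SMS Gateway URL after a `?`; the template, host name and values are constructed, and the function names are hypothetical. It contrasts a chained replace with a form that percent-encodes each value, substitutes in one pass, and produces a copy of the URL with the password removed for logging.

```python
import re
from urllib.parse import quote, urlsplit

QUERY_KEYWORDS = ("USERNAME", "PASSWORD", "APIID", "NUMBER", "TEXT")
SECRET_KEYWORDS = {"PASSWORD", "PASSPHRASE"}

# Constructed sample data: the password and text contain URL metacharacters.
SAMPLE_TEMPLATE = "user=USERNAME&password=PASSWORD&api_id=APIID&to=NUMBER&text=TEXT"
SAMPLE_VALUES = {
    "USERNAME": "corp_sms",
    "PASSWORD": "p&ss=w0rd",
    "APIID": "12345",
    "NUMBER": "+15550100",
    "TEXT": "Your passphrase is Xy7&go",
}


def render_query_naive(template, values):
    """Chained replace with no encoding: '&', '=' and '+' in a value leak
    into the query structure and change what the SMS gateway receives."""
    for keyword in QUERY_KEYWORDS:
        template = template.replace(keyword, values[keyword])
    return template


def render_query(template, values, redact=False):
    """Fill a query whose parameter values are the guide's keywords.

    Only a parameter whose whole value is a keyword is replaced, and the
    replacement is percent-encoded, so a value cannot add parameters.
    """
    missing = [k for k in QUERY_KEYWORDS if k not in values]
    if missing:
        raise ValueError(f"no value for keyword(s): {missing}")
    parts = []
    for pair in template.split("&"):
        name, sep, value = pair.partition("=")
        if sep and value in QUERY_KEYWORDS:
            if redact and value in SECRET_KEYWORDS:
                value = "REDACTED"
            else:
                value = quote(values[value], safe="")
        parts.append(f"{name}{sep}{value}")
    return "&".join(parts)


def render_message(template, values):
    """Single-pass replacement for the SMS text templates: a passphrase that
    happens to contain the word USERNAME is not expanded a second time."""
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, values)) + r")\b")
    return pattern.sub(lambda m: values[m.group(1)], template)


def build_request(gateway_url, template, values):
    """Return (url_to_send, url_safe_to_log); refuse a plain-HTTP gateway URL
    because the SMS account credentials travel in the query string."""
    if urlsplit(gateway_url).scheme != "https":
        raise ValueError("SMS Gateway URL must use https")
    send_url = f"{gateway_url}?{render_query(template, values)}"
    log_url = f"{gateway_url}?{render_query(template, values, redact=True)}"
    return send_url, log_url


if __name__ == "__main__":
    print(render_query_naive(SAMPLE_TEMPLATE, SAMPLE_VALUES))
    print(build_request("https://sms.example.com/send", SAMPLE_TEMPLATE, SAMPLE_VALUES)[1])
```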
Global Settings contains a collection of Server specific settings.
Select Time zone and Network Time Protocol settings for the zGateway Server. Click Submit to save. This will start NTP service on zGateway server and synchronization with NTP server ensuring date and time of zGateway server is always correct.
If the client machine has been inactive for a long time, it is good security practice to automatically log out the user. The inactivity period for automatic logout can be configured on the server.
Type the desired logout time (in minutes) in the New Idle Timeout field. Time must be between 1 and 60 minutes (default logout time is 30 minutes).
Click Submit to save.
Here the zGateway administrator can specify the zGateway TLS port. The default port is 443, but the admin can change it.
Current SSL Timeout (Mins): Admin can change this setting.
SSL Version 3.0 Support: This setting is OFF by default. The admin can change it to ON.
TLS 1.0 Support: This setting is OFF by default. The admin can change it to ON.
TLS 1.1 Support: This setting is ON by default. The admin can change it to OFF.
Connection KeepAlive: Connection KeepAlive is OFF by default. The admin can change it to ON.
Select New SSL Ciphers: Strong ciphers are selected by default, but the admin can change the cipher setting. The zGateway server must be in Configuration State while the cipher setting is changed.
Displays the port on which the zGateway server is running. To specify a new port enter your chosen port and click Submit. zGateway will be restarted on setting this value.
NB: Avoid using ports 80, 4001, 4002.
NEW SSL CIPHERS
Select New SSL Ciphers to specify the encryption and key negotiation algorithms.
After selecting new ciphers, zGateway service will be restarted.
NB: Selecting an unsupported set of Ciphers may result in permanent loss of connectivity to VPN gateway using machines/browsers which do not support any of the selected ciphers.
The Administrator can now specify certain client configuration settings for the zGateway client and also optionally control deployment of AmZetta TSE client for integration and capability for users to launch applications published on AmZetta TSE Server.
These client settings can be accessed from the zGateway management console under Host Configuration > Client Settings.
VPN CLIENT SETTINGS
· Option for users’ ability to save username and password on the zGateway desktop client
· Specify whether zGateway client checks for valid SSL certificate
· Set zGateway desktop client to automatically start on Windows logon
· Override default name resolution via zGateway and use local client side
· Disable user login if user is connecting through a proxy
· Enable collection of device fingerprint details
· Enable detection of real WAN IP address if user is behind a proxy
· Edit comma separated list of alternate gateways that client can connect to
· If using Alternate Gateways feature, you can specify that client randomly picks gateway from specified list
· Enable upgrade notification for users when a new zGateway client version is available
· Enable zGateway client upgrade when version is equal to or below specified version
· Start zGateway Client on Windows logon
· Enable AutoLogin in zGateway Client
· Enable Always On in zGateway Client
· Use zGateway Client as service
· Specify password to stop zGateway Client in Service mode
· Specify comma separated list of processes to allow internet if internet is blocked
· Enable clipboard control
Enable screen shot block: If this option is enabled, the screen capture function is disabled after login to zGateway.
Use Default browser for web application: If this option is enabled, published web applications launch in the default browser of the user’s machine after login to zGateway.
Enable client exit on logout: If this option is enabled, the client exits when the user logs out from the zGateway client.
Enable admin client as default client for Portal Hybrid Mode (If unchecked, non-admin client will be default client): By default, the non-admin client is used in Hybrid mode. If this option is enabled, the zGateway full client (admin client) is used.
Server address label: The zGateway admin can change the server address label of the zGateway Windows client.
Time Interval for Portal Status Check: The zGateway admin can specify the time interval for the portal status check.
Time Interval for Client Status Check: The zGateway admin can specify the time interval for the client status check.
zGateway Linux Client Download URL: URL to download Linux client
zGateway Mac Client Download URL: URL to download MAC OSX client
TSE CLIENT SETTINGS
· Administrator can choose to leave the TSE Client upgrade process to TSE Client rather than zGateway client
· Enable TSE client upgrade when version is equal to or below specified version
· TSE client installation can be forced without user confirmation
· Specify the version of TSE client you wish to deploy
· Specify the URL from where TSE client will be downloaded on demand.
It is possible to upload the latest zGateway client installers from the management console. Both types of client can be uploaded: the zGateway client and the zGateway On-Demand client. When the new installers are uploaded, the version must be updated. Auto upgrade of the client must be enabled in the client settings to push the new client versions to end users.
NETWORK PROFILE DETECTION
A new zGateway server feature called network profile detection has been added. If this option is enabled, the Windows client automatically detects whether it is connected to the zGateway server locally or over WAN. The roaming profile is detected automatically and policy restrictions are applied according to the end user. Based on the profile, the zGateway administrator can block the clipboard, block USB, block printing and allow specific public IP addresses as well as local IP addresses.
This option is available in the client settings, under Host Configuration. To enable network profile detection, the administrator needs to enable the option called “Enable Network Profile Detection” and then select parameters for the office or roaming profile according to customer requirements.
PASSWORD EXPIRY TIME
Administrators can set Password Expiry time of native users.
In the management console, select Host Configuration > Password Expiry Time.
Enter the New Password Expiry Time (in Days).
Important: zGateway must be in Configuration State before you change the Database Password. Database Password compliance is governed by the database software and not by zGateway.
In the management console, select Host Configuration > Database Password. The Database Password screen appears.
· Click on the Database drop-down arrow and select the database you want to modify.
· The database user name is automatically displayed in the Database User field.
· Type the old password in the Old Password field.
· Type the new password in the New Password field.
· Retype the new password in the Re Enter Password field.
· Click Submit to save or click Reset to clear all data in the screen.
· A success message confirms that database password has changed.
SSH is used to securely access zGateway. By default, an SSH daemon is configured to run on the zGateway server. The daemon can be in one of two states:
· Run SSH (enable SSH)
· Stop SSH (disable SSH)
To change the State of SSH in zGateway:
In the management console, click Host Configuration > SSH Configuration. The Change SSH Server State screen appears.
To stop the SSH daemon on the server, click on the Stop SSH hyperlink. SSH will be disabled. To start the SSH daemon on the server, click on the Run SSH hyperlink. SSH will be enabled.
NB: SSH default state is enabled.
ISP LOAD BALANCING
zGateway now supports inbound connection load balancing. The zGateway VPN can be reached through multiple Internet service providers configured in the management console. When an end user connects to the zGateway VPN, it checks the load on the links and sends login requests to the less loaded ISP. This feature is helpful if customers have multiple internet connections and want incoming users to be distributed equally across them.
ISP Load balancing feature can be configured under Host Configuration > ISP Management > Add
· Enter ISP IP address in IP Address field.
· Add weight of server.
· Click Submit to enable.
For example, if we specify a weight of 2 on the first ISP and a weight of 3 on the second ISP, the load balancing ratio of the ISPs is 2:3, i.e. out of three connections, two connections will be on the first ISP and three connections will be on the second ISP. The total sum of the weights should not exceed 20. In other words, we can configure a maximum of 20 ISPs with a weight value of 1 for each ISP.
Add a Virtual Server to use the zGateway server as an HTTPS reverse proxy server. The admin can create a unique DNS name and then create a virtual server for this DNS name. This does not require the user to download the VPN Java client modules.
Click Add to create the configuration.
Give the service a Name.
Specify the URL that the user will reference in the Request URL field. Use the format https://publicfqdn
In the Target URL field specify the web server address that is the target. Use the format http://webserver
NB. Both http and https are supported.
Preserve Host Field – This field controls the Host HTTP request header for proxied requests. If enabled, this option passes the Host: line from the incoming request to the proxied host, instead of the hostname specified in the proxypass line.
BACKUP AND RESTORE
Administrators can back up the zGateway configuration and restore the same in case of a disaster.
The backup file is stored on administrator’s desktop which can be uploaded back to gateway for restoration.
There are two backup options available: Backup User Settings only and Backup Whole System.
BACKUP USER SETTINGS ONLY
This backup will export the settings configured by administrator to the desktop.
This backup enables administrators to regularly backup the settings and use them in case the administrator needs to revert back to old state or the old system has to be replicated to a new one.
This backup includes the configurations done under “Access Management” and “Device Profiling” sections.
This backup does not include any certificate and system information hence is portable across various VPN gateways located at different locations.
NB: This backup does not include any network, system, installed license, security officers, administrators and certificate user information.
BACKUP WHOLE SYSTEM
This backup exports everything including the certificates related configuration. This backup is useful to rebuild a whole system by reinstalling the firmware and then restoring it to the last backed-up state again.
This backup includes:
· Configuration under “Access Management”
· Configuration under “Device Profiling”
· SSL, CA and all system certificates
· Administrator/User Certificates
· Self Service Profile
Note: This backup does not include information related to network and installed license.
It is important to make sure the hostname of the system is set to the same value it had when the backup was taken. If the hostname is different, an error is shown to the administrator, along with the expected hostname.
A freshly installed system can be restored using this backup at the time of reboot configuration.
RESTORE USER SETTINGS
Select the user settings backup file from desktop to restore the configuration of zGateway.
A feature to automatically back up the zGateway configuration is added in this release. zGateway will generate a backup of the configuration and send it to a specified location or email ID.
The configuration backup file can be sent over email to all administrators registered on zGateway or it can be sent to a specific email ID. The configuration backup can also be sent to an FTP site.
To configure Auto Backup, go to Host Maintenance -> Auto Backup.
Start the auto-backup module first and refresh the screen to check that it’s in running status.
There are two types of backup, user backup and whole system backup.
User backup includes all user and application related configuration. This backup does not include system files and SSL certificates. Such backup can be used to replicate the configuration on a zGateway which is already configured and running.
The System backup includes all system files and SSL certificates required to setup a new zGateway.
This page provides a summary of the current license information on the zGateway.
License Feature: Describes the type of license installed. Generally Concurrent User but can list add-on licenses such as Cluster and Endpoint Security.
Details: Lists extra information about the license i.e. whether evaluation or production.
Status: License availability and concurrent user license maximum.
Expiration Date: Date on which the license will expire.
NB: For more detailed information on zGateway licensing go to the licensing section in the administrators guide.
SHUTDOWN / RESTART
Shutdown or Restart the zGateway server from the management console.
PING & TRACEROUTE
The Host Maintenance section also contains the Ping and Trace route tools. From here you can issue a ping or trace route command from the zGateway server to a specified network resource.
The zGateway administrator can telnet to a specific port on any server from the zGateway server. This confirms whether the application server is reachable from the zGateway server.
The activity logs detail the remote user’s activity on the zGateway server.
The Activity Log displays:
· Login Date and Time
· User Name
· Application accessed
· User IP Address
· Mac ID of the Client Machine
· WAN IP address
· Application Port
zGateway server automatically archives the log files when the size of a file increases beyond 2 MB. The Gateway can have 5 archived files and 1 running file.
Clear Logs: Deletes the log entries permanently from zGateway server.
Download Logs: Download the active log file on desktop in CSV format. A maximum of 30,000 latest log entries can be downloaded.
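A triage pass over a downloaded Activity Log CSV, as an added example (not part of zGateway). The column headers, the timestamp format and the rows are constructed from the field list above and are assumptions about the export; adjust them to the real file. It flags a user who appears with a MAC ID not seen before for that user, and a user whose WAN IP address changes within a short window.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed threshold for a suspicious WAN IP change
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format of the export

# Constructed sample export; header names are assumptions based on the field list.
SAMPLE_CSV = """\
Login Date and Time,User Name,Application,User IP Address,MAC ID,WAN IP Address,Application Port
2024-03-04 09:00:12,alice,intranet,10.8.0.11,00-11-22-33-44-55,198.51.100.7,443
2024-03-04 09:04:40,alice,rdp-finance,10.8.0.12,66-77-88-99-AA-BB,203.0.113.50,3389
2024-03-04 09:10:03,bob,intranet,10.8.0.20,0A-0B-0C-0D-0E-0F,198.51.100.23,443
2024-03-04 13:30:00,bob,wiki,10.8.0.20,0a-0b-0c-0d-0e-0f,198.51.100.99,443
"""


def load_events(csv_text):
    """Parse the export into dicts sorted by login time."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        events.append({
            "time": datetime.strptime(row["Login Date and Time"].strip(), TIME_FORMAT),
            "user": row["User Name"].strip().lower(),
            "mac": row["MAC ID"].strip().upper(),  # normalise case before comparing
            "wan": row["WAN IP Address"].strip(),
        })
    return sorted(events, key=lambda e: e["time"])


def find_anomalies(csv_text, window=WINDOW):
    """Return (user, kind, time, value) tuples in chronological order.

    kind is "new-mac" when a user shows up with a MAC ID not seen earlier in
    the file, and "wan-ip-switch" when the user's WAN IP differs from the
    previous entry and the two entries are no more than `window` apart.
    """
    findings = []
    macs_by_user = defaultdict(set)
    last_seen = {}  # user -> (time, wan_ip) of the previous entry
    for ev in load_events(csv_text):
        user = ev["user"]
        if macs_by_user[user] and ev["mac"] not in macs_by_user[user]:
            findings.append((user, "new-mac", ev["time"], ev["mac"]))
        macs_by_user[user].add(ev["mac"])

        previous = last_seen.get(user)
        if previous and previous[1] != ev["wan"] and ev["time"] - previous[0] <= window:
            findings.append((user, "wan-ip-switch", ev["time"], ev["wan"]))
        last_seen[user] = (ev["time"], ev["wan"])
    return findings


if __name__ == "__main__":
    for user, kind, when, value in find_anomalies(SAMPLE_CSV):
        print(f"{when} {user}: {kind} {value}")
```

Because a download holds at most the 30,000 latest entries, "new" here means new within the file, not new since the account was created.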
The User Log provides information in brief about users who logged in.
The User Log table displays:
· Login date/time
· Logout date / time
· User name
· Client IP
· Profile name
Download Logs: Download the active log file on desktop in CSV format. A maximum of 30,000 latest log entries can be downloaded.
All administration changes are logged and viewable through the management console. The logs are archived on the gateway, with capacity to store more than 200,000 log entries.
The activity logs detail the remote user’s OTP activity on the zGateway server.
The zMFA Log displays:
· Date and Time
· User Name
· Authentication Domain
END POINT SECURITY LOG
The End Point Security Log provides information in brief about user device profile activity.
The End Point Security Log table displays:
· User name
· User login date/time
· MAC Address
· IP Address
· Profile name
· Scan status
· Log Details
To see more details of end point machine scan click on Details link. The End Point Security Detailed Log screen appears.
Click Close Window to close detailed log screen.
LOG FILE SETTINGS
Newly added Log file settings allows for more flexibility for creating log files. zGateway administrators can select log archiving frequency by Daily, Weekly or Monthly basis. They can also set size of log files and maximum number of archived log files. These options are available under Logging > Log Settings.
Administrators can download archived log files from Log file settings page.
REPORTS AND ALERTS OVERVIEW
A new reporting option has been added to generate and download various reports. Using this reporting feature, the administrator can generate custom reports for a specific user, domain and application. The following reporting options are available:
· General Reporting
· User Base Reporting
· Domain Base Reporting
· Application Base Reporting
All the reports can be downloaded based on the start date and end date provided by administrator.
The report is downloaded as PDF.
General Reporting: This report contains all the summarized reports for the provided start date and end date.
User Base Reporting: Using this report, user based reports can be downloaded for a specific user. The report provides information like last session details, application accessed by user, etc.
Domain Base Reporting: This report gives summarized access details for a specific zGateway domain.
Application Base Reporting: This report gives activity log details for a specific zGateway application.
Alert Manager: The Alert Manager sends email notifications when certain resources are under stress. zGateway can send notifications about high CPU, RAM, HDD and swap space usage. It can also send alerts related to high license utilization.
The configuration option is available under Reports and Alerts -> Alert Manager.
On Global setting:
Alert Title Prefix*: The subject of email notifications starts with this prefix. The prefix can be used to identify the zGateway cluster identifier.
Data sampling rate (secs)*: Enter the time in seconds for data sampling.
On Alert Setting:
Resource Type: Select the resource type for which alert is to be configured.
Threshold value: Specify the threshold value. When this value is reached, the alert email is triggered.
Alert Rate: Specify, in minutes, how often the same alert is sent.
Alert Title: Set the complete subject of the email. The Alert Title Prefix is appended to this title.
Log Alerts in file: If this option is enabled, the alert is also logged in the log file.
Enable Email Alert: Enable sending the alert over email.
Send Alert to all Admin Users: If this option is enabled, the high resource utilization alert email goes to all zGateway administration users.
Send Alert to all Security Officers: Send alert email to all zGateway administrators.
Send Alert to additional Users: Send the alert to additional email IDs.
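The sketch below is an added example, not zGateway code: it models how the data sampling rate, threshold value and alert rate could interact, so that a sustained spike produces one email per alert-rate window instead of one per sample. The throttling logic, the subject format, the cluster prefix and all sample readings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class AlertSetting:
    resource_type: str    # Resource Type, e.g. "CPU"
    threshold: float      # Threshold value (percent used)
    alert_rate_min: int   # Alert Rate: minutes between repeats of the same alert
    alert_title: str      # Alert Title

def alerts_sent(samples, setting, prefix, sampling_rate_secs):
    """Return [(elapsed_secs, subject, value)] for each email that would go out.

    samples holds one usage reading per sampling interval.
    """
    sent = []
    last_sent = None  # elapsed time of the previous alert for this resource
    for i, value in enumerate(samples):
        now = i * sampling_rate_secs
        if value < setting.threshold:
            continue  # threshold not reached
        if last_sent is not None and now - last_sent < setting.alert_rate_min * 60:
            continue  # repeat suppressed: still inside the Alert Rate window
        last_sent = now
        # Assumption: subject is "<Alert Title Prefix> <Alert Title>"
        sent.append((now, f"{prefix} {setting.alert_title}", value))
    return sent

# Constructed CPU readings (percent), one per 60-second sample
CPU_SAMPLES = [40, 55, 91, 95, 97, 93, 60, 92, 96, 94, 50, 45, 99]
CPU_ALERT = AlertSetting("CPU", 90, 5, "High CPU usage")

if __name__ == "__main__":
    breaches = sum(v >= CPU_ALERT.threshold for v in CPU_SAMPLES)
    emails = alerts_sent(CPU_SAMPLES, CPU_ALERT, "[zgw-cluster-1]", 60)
    print(f"{breaches} samples at or above threshold, {len(emails)} emails sent")
    for when, subject, value in emails:
        print(f"t+{when:>4}s  {subject}  ({value}%)")
```

Setting the alert rate too high can hide a second spike that starts inside the window, so the value is a trade-off between mailbox noise and time to notice.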
HIGH AVAILABILITY OVERVIEW
The zGateway high availability and load balancing feature keeps the zGateway service always on and supports a large number of remote users with efficient utilization of the available hardware resources. The system enables thousands of remote users to access corporate services with maximum performance. The whole deployment should be fault tolerant and should manage the user load efficiently. The high availability and load balancing system is referred to as the zGateway VPN cluster in this document.
The zGateway VPN Cluster feature enables organizations to deploy two or more zGateways to support a large number of users with a highly available VPN service.
The cluster has the following components:
1. Load balancer module: At least 1, maximum 2
2. High availability module: At least 1, maximum 2
3. VPN Gateway module: At least 1, maximum 256
The zGateway VPN cluster provides an active-active load balancing and high availability setup. The VPN cluster has the following types of nodes:
1. Load balancing node (LB Node): Load balancer modules, High Availability module for load balancer, Cluster Management modules and VPN Configuration database
2. VPN Node: Full-fledged VPN Gateway
In a cluster, at least 1 LB Node and 1 VPN Node are required. A cluster can have a maximum of 2 LB Nodes. The 2 LB Nodes work in an active-passive manner. If the active LB Node goes down, the standby LB Node takes over the cluster.
In a cluster, a maximum of 256 VPN Nodes can be present.
Both an LB Node and a VPN Node can run on the same hardware; that is, a single hardware instance can act as a load balancer as well as process VPN connections.
The cluster has the following deployment models:
1. Small deployments: Two hardware instances, both running LB Node and VPN Node. This scenario is good for smaller deployments, typically around 2000 users, depending on the hardware capacity. In this scenario, both hardware instances run load balancer and VPN functionality. One of them runs the active LB and the other acts as standby.
2. Large deployments: N hardware instances, with all nodes running VPN Node. This scenario suits deployments ranging from 2000 to 10000 users. In this scenario, there are 2 LB Nodes and there can be any number of VPN Nodes. The hardware running LB Node also runs VPN Node.
3. Highly Scalable deployments: N hardware instances with dedicated LB Node. This scenario suits deployments ranging from 10000 to 1,000,000 users. The hardware running LB Node is free from VPN processing, and hence the overall performance of the LB Node is very high. The rest of the hardware runs VPN Nodes.
The High Availability > HA Configuration screen displays the current HA status and allows installation and restart of HA services.
To configure, enter the Virtual IP address to be used for the VPN cluster in the Virtual IP address field. This IP address will be assigned automatically to the active load balancer.
Enter the virtual hostname in the Virtual Hostname field. This will become the hostname of the cluster. This hostname will be used to generate all SSL certificates. If the VPN gateway is to be published over the Internet using a valid SSL certificate, this hostname should be publicly routable, and SSL certificates will be generated with this hostname.
Click Enable to complete.
Whenever the high availability configuration is modified, the high availability services need to be reloaded using the Reload button.
The Remote Meetings feature enables zGateway users to create remote web meetings for sharing presentations, text chat, file transfer, or use as a helpdesk facility. The remote meeting feature is available in both the zGateway Web Portal and the Desktop Client. A user can select “give support” to connect to another user, or “get support” to request support from another user.
By default, remote meeting services are running. The administrator can verify the remote meeting service status under Remote Meetings > Configuration in the management console. It should always be in the RUNNING state.
In order to enable the Remote Meetings facility for specific users, the remote meeting application needs to be defined.
To enable users to perform remote meetings, create an application with type Remote Meeting. Specify the IP address of the zGateway server in the Application Server Address field and leave the default port as 51234.
Assign this application to users to whom you want to allow remote meetings.
To connect to another user, the user must enter the username of the partner and the meeting password.
The zGateway administrator can also view the users who are currently in a remote meeting using the Live User option, which lists the live remote meeting users.