Grant permissions for specific activities for a perimeter server

Before you begin:
  • A remote perimeter server must be installed in the more secure network zone.
  • Know which back-end servers (IP address and port) you want the perimeter server to be able to reach.
  • Understand the content of the restricted.policy file. The first two grant sections in the restricted.policy file are required for correct perimeter server operation. Do not modify these sections.
  1. Install a remote perimeter server, choosing the option for a more secure network zone.
  2. At the installation prompt Is this server in a less secure network than the integration server?, select No, which is the option for a more secure network zone.
  3. Navigate to the perimeter server installation directory.
  4. Open the restricted.policy file.
  5. Add a permission line for each back-end server that you intend to allow the proxy to access. The file contains commented-out examples for each type of server; copy the matching example, uncomment it by removing the leading //, and replace the placeholder IP address and port.

    The first two grant sections are required for correct perimeter server operation. Do not modify these sections.

    For example, you can grant permission to a target FTP Server. In the example, the back-end servers are configured to listen on the following ports: 33001 (FTP), 33002 (HTTP), and 1364 (Connect:Direct, C:D). Edit these port numbers to match your servers.

    // To restrict or permit the required host/server to communicate with the
    // PS, replace "ftphost/httphost/snode" with the IP address of that server
    // and supply the port number on which the server listens.

    // For each target FTP Server
    // permission java.net.SocketPermission "10.117.15.87:33001", "connect";             // Control connection.
    // permission java.net.SocketPermission "10.117.15.87:lowPort-highPort", "connect";  // Passive data connections.
    // 10.117.15.87 is the IP of the FTP Server to which the PS is permitted to
    // connect on behalf of the client.

    // For each target HTTP Server
    // permission java.net.SocketPermission "10.117.15.87:33002", "connect";
    // 10.117.15.87 is the IP of the HTTP Server to which the PS is permitted to
    // connect on behalf of the client.

    // For each target C:D snode
    // permission java.net.SocketPermission "snode:1364", "connect";
    // Replace snode with the IP of the Connect:Direct node to which the PS is
    // permitted to connect.

    Replace lowPort-highPort with the passive data port range actually configured on the FTP server, and keep it as narrow as that configuration allows; a range such as 1024-65535 lets the proxy reach almost any service on that host. Each line grants only outbound "connect" (which in java.net.SocketPermission also implies "resolve"); the proxy does not need "accept" or "listen" for these back ends.
  6. In the perimeter server installation directory, open the perimeter server settings file, remote_perimeter.properties, and set the restricted property to true to turn restrictions on.
  7. Once restrictions are on, any attempt by the perimeter server to reach a network resource that the policy does not allow is rejected and logged in the perimeter server log, which is written to the perimeter server installation directory. Check this log after the change: a rejected connection to a back-end server you expected to work points to a permission line that is still commented out or that names the wrong IP address or port.
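Before setting restricted to true it is worth checking what the edited restricted.policy actually grants, since a permission left commented out grants nothing and a wildcard host or wide port range grants far more than the page intends. The following script is an added example, not part of the perimeter server product: it parses the active java.net.SocketPermission lines out of a policy file, compares them with the ports each back end really listens on, and confirms that remote_perimeter.properties has restricted=true. The sample policy, the IP addresses 10.117.15.87-.90, the passive range 40000-40100 and the stand-in text of the two required grant sections are all constructed for the example.

```python
"""Audit a perimeter server restricted.policy before enabling restrictions.

Added example, not part of the perimeter server product. It assumes the
standard Java policy-file syntax shown on this page (grant { ... } blocks with
permission java.net.SocketPermission "host:port[-port]", "actions"; lines)
and that remote_perimeter.properties is a plain key=value file with a
"restricted" key. IPv6 literals ("[::1]:port") are not handled.
"""
import re
from dataclasses import dataclass

# Constructed sample policy; the first two grant blocks are stand-ins for the
# required sections that ship with the product and must not be modified.
SAMPLE_POLICY = """\
grant codeBase "file:${java.home}/-" {
    permission java.security.AllPermission;
};
grant {
    permission java.util.PropertyPermission "*", "read";
};
// Back-end servers this perimeter server may reach (constructed addresses)
grant {
    // For each target FTP Server
    permission java.net.SocketPermission "10.117.15.87:33001", "connect";       // control
    permission java.net.SocketPermission "10.117.15.87:40000-40100", "connect"; // passive data
    // For each target HTTP Server
    permission java.net.SocketPermission "10.117.15.88:33002", "connect";
    // For each target C:D snode
    permission java.net.SocketPermission "10.117.15.89:1364", "connect";
    // Left over from testing: far too broad for production
    permission java.net.SocketPermission "*:1024-65535", "connect,accept";
    // Still commented out, so it grants nothing:
    // permission java.net.SocketPermission "10.117.15.90:22", "connect";
};
"""

SAMPLE_PROPS = "# constructed remote_perimeter.properties excerpt\nrestricted=true\n"

# What each back end really listens on: host -> list of (low, high) port ranges.
ALLOWED = {
    "10.117.15.87": [(33001, 33001), (40000, 40100)],  # FTP control + passive range
    "10.117.15.88": [(33002, 33002)],                   # HTTP
    "10.117.15.89": [(1364, 1364)],                     # Connect:Direct snode
}

PERM_RE = re.compile(
    r'permission\s+java\.net\.SocketPermission\s+'
    r'"(?P<host>[^:"]+)(?::(?P<port>[^"]+))?"\s*,\s*"(?P<actions>[^"]+)"\s*;'
)


@dataclass(frozen=True)
class SocketPerm:
    host: str
    port: str       # "33001", "40000-40100", "*" or "" (all ports)
    actions: tuple  # e.g. ("connect",)


def strip_comments(text):
    """Drop /* */ and // comments so commented-out examples are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(line.split("//", 1)[0] for line in text.splitlines())


def parse_socket_permissions(policy_text):
    """Return the SocketPermissions that are actually in force."""
    perms = []
    for m in PERM_RE.finditer(strip_comments(policy_text)):
        actions = tuple(a.strip().lower() for a in m.group("actions").split(","))
        perms.append(SocketPerm(m.group("host").strip(), (m.group("port") or "").strip(), actions))
    return perms


def port_range(spec):
    """Expand a Java port spec ("N", "N-M", "-M", "N-", "*", "") to (low, high)."""
    if spec in ("", "*"):
        return (0, 65535)
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return (int(lo) if lo else 0, int(hi) if hi else 65535)
    return (int(spec), int(spec))


def audit(perms, allowed):
    """Return findings for grants broader than the deployment needs; [] means clean."""
    findings = []
    for p in perms:
        if p.host in ("", "*") or p.host.startswith("*."):
            findings.append(f'wildcard host in "{p.host}:{p.port}"')
            continue
        if p.host not in allowed:
            findings.append(f"{p.host} is not a known back-end server")
            continue
        for a in p.actions:
            if a not in ("connect", "resolve"):  # a proxy only needs outbound connect
                findings.append(f'{p.host}:{p.port} grants "{a}", which the proxy does not need')
        lo, hi = port_range(p.port)
        if not any(alo <= lo and hi <= ahi for alo, ahi in allowed[p.host]):
            findings.append(f"{p.host}:{p.port} is wider than the ports that server listens on")
    return findings


def restricted_enabled(props_text):
    """True when remote_perimeter.properties has restricted=true."""
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        if key.strip() == "restricted":
            return value.strip().lower() == "true"
    return False


if __name__ == "__main__":
    for finding in audit(parse_socket_permissions(SAMPLE_POLICY), ALLOWED):
        print("FINDING:", finding)
    print("restrictions enabled:", restricted_enabled(SAMPLE_PROPS))
```

Run against the real files, the script reports the `*:1024-65535` style leftover as a wildcard host, flags any line that grants more than connect, and flags ranges wider than what the back end listens on; the commented-out line is ignored exactly as the JVM ignores it, which is the usual reason a "granted" server still shows up as rejected in the perimeter server log.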