SS6PNW_6.1.0 - Documentation Index
Table of Contents
Product Overview
New Features and Enhancements
Known Issues
Upgrade Impacts
Support Requests Resolved for this Release
Secure Proxy Architecture
Authenticate Trading Partners in the DMZ
Authenticate Secure Proxy to the Trusted Zone Application
Certificate Authentication Options
Using Digital Certificates
About a Forward Proxy
General Proxy Terminology
IP Address Checking (Netmap Check)
About a Reverse Proxy
About SSH Session Break
About SSL Session Break
Summary of Authentication
User Authentication Options
Accessibility
Notices
Hardware and software requirements
Planning
System Requirements and Support Policy
Support for Oracle Linux
Virtualization support
Hardware Accelerator Board Requirements
Server Connections Supported
Client Connections Supported
Support Policy for Container Delivery Models
Cipher Suites Supported
Hardware Security Module (HSM) Requirements
Determine the Communications Protocol
Determine Validation Requirements for Inbound Nodes
Determine Requirements for Connection to Outbound Node
Set Up a Password Policy
Set Up User Accounts to Configure the Secure Proxy Environment
Set Up Users for Inbound Connections
Configure a Sterling External Authentication Server
Configure a Remote Perimeter Server
Special Considerations
Security Considerations
FIPS-Mode Considerations
FIPS Certificate List Report
Adapter Considerations
Logging Considerations
Configuration Manager (CM) Considerations
Engine Considerations
Perimeter Server Considerations
Single Sign-On Considerations
Connect:Direct Select Version 1.2.01 Considerations
Review Resources for UNIX or Linux
Known Restrictions
Installing
Install or Upgrade Secure Proxy on Microsoft Windows
Secure Proxy Startup Worksheet for Microsoft Windows
Install or Upgrade the Engine on Microsoft Windows
Install or Upgrade CM on Microsoft Windows
Create an Engine Definition - Microsoft Windows
Install or Upgrade Secure Proxy on UNIX or Linux
Install or Upgrade the Engine on UNIX or Linux
Install or Upgrade CM on UNIX or Linux
Create an Engine Definition - UNIX
Install a Remote Perimeter Server Overview
Perimeter Server Installation Prerequisites
Perimeter Server Installation Guidelines
Install Remote Perimeter Server in a More Secure Network on UNIX or Linux
Install a Remote Perimeter Server in a Less Secure Network on UNIX or Linux
Install Remote Perimeter Server in a More Secure Network in Windows
Install Remote Perimeter Server in a Less Secure Network in Microsoft Windows
Silent Install for Secure Proxy
About InstallAnywhere Silent Installs
Secure Proxy Silent Install or Upgrade Example
Secure Proxy Silent Install/Upgrade for Linux
SSP Configuration Manager (SSPcm) Silent Install/Upgrade Example
SSP Configuration Manager (SSPcm) Silent Install/Upgrade on Linux
Perimeter Server Silent Install/Upgrade Example
Perimeter Server Silent Install/Upgrade on Linux
Deploying IBM Sterling Secure Proxy using an IBM Certified Container Software
Planning
Verification of system requirements
Application license requirements
IBM Licensing and Metering service
PSP and SCC requirements
Installing
Pre-installation tasks
Setting up your registry server
Setting up Namespace or project
Installing and configuring IBM Licensing and Metering service
Downloading the Certified Container Software
Creating Pod Security Policy for Kubernetes Cluster
Creating security context constraints for OpenShift Cluster
Creating storage for Data Persistence
Creating Secrets
Configuring- Understanding values.yaml
Installing OpenShift Container platform
Installing IBM Sterling Secure Proxy using Helm chart
Validating the Installation
Access IBM Sterling Secure Proxy Tools
Post- installation tasks
Upgrade, Rollback, and Uninstall
Upgrading a release
Rollback- Recovering a failure
Uninstall- Uninstalling a release
Known Limitations
Migrating to IBM Sterling Secure Proxy using Certified Container Software
Troubleshooting your deployment in an IBM Certified container and Docker environment
Troubleshooting IBM certified Container issues
Troubleshooting in a Docker Container environment
Troubleshooting your deployment in IBM certified Containerized environment
Obtain Product Updates
Remove the PKCS11 Security Provider
Configure Secure Proxy to Interface with a Load Balancer
Modify the Node-Level TCP Timeout Value in a Connect:Direct Node
Configuring
Configuration Overview
Diagram of a Finished Connect:Direct Reverse Proxy Configuration
Diagram of a Finished FTP Reverse Proxy Configuration
Diagram of a Finished HTTP Reverse Proxy Configuration
Diagram of a Finished SFTP Reverse Proxy Configuration
Configure the startup and shutdown passphrase requirements
Using a script for automatic shutdown (V3.4.2, interim fix 4 and higher)
Starting and stopping the Engine on UNIX or LINUX
Start the Engine manually on UNIX or Linux
Stop the Engine from UNIX or Linux
Log On to CM on UNIX or Linux
Stop CM on UNIX or Linux
Start the Engine on Microsoft Windows
Start the Engine as a Console Application on Microsoft Windows
Start Secure Proxy as an Automatic Microsoft Windows Service
Set up the Engine to Start as a Microsoft Windows Service
Start CM from Microsoft Windows
Set up CM to Start as a Microsoft Windows Service
Log on to CM from Microsoft Windows
Stop the Engine from Microsoft Windows
Stop the Engine from a Microsoft Windows Console Application
Stop the Engine from CM
Stop the Engine from Microsoft Windows Services
Edit Engine Definition to Bind to Alternate NIC
Configure Perimeter Servers to Manage Secure Proxy Communications
Deployment Option Example - Two Remote Perimeter Servers on a Computer with Two NIC Cards
Deployment Option Example - From More Secure to Less Secure
Deployment Option Example - From Less Secure to More Secure
Deployment Option Example - External Authentication Perimeter Server
Defining a Remote Perimeter Server for a Less Secure Environment
Configure a Remote Perimeter Server in a Less Secure Zone
Edit a Remote Perimeter Server in a Less Secure Zone Definition
Modify the Water Mark Values and Local Host Information of a Remote Perimeter Server in a Less Secure Zone
Configure a Remote Perimeter Server in a More Secure Zone
Edit A More Secure Zone Remote Perimeter Server Definition
Modify Water Mark Values and Local Host Information of a Remote Perimeter Server Installed in a More Secure Zone
Map Perimeter Servers
Modify Perimeter Server Properties
Start and Stop a Remote Perimeter Server on UNIX or Linux
Start and Stop a Remote Perimeter Server on Microsoft Windows
Failover Support
Components to Configure for Failover Support
About Failover Support
Failover for a Back-end Server
Failover Configuration
Configure the Load Balancer
Summary of Steps to Set Up a Load Balancer for an HTTP Connection
Configure the Health Check Monitor for FTP
Configure the Health Check Monitor for SFTP
Configure the Health Check Monitor for Connect:Direct
Configure Failover Support for an HTTP Environment
Secure Proxy Engine 1 Configuration for HTTP
Secure Proxy Engine 2 Configuration for HTTP
Configure Failover Support for an FTP Environment
Secure Proxy Engine 1 Configuration for FTP
Secure Proxy Engine 2 Configuration for FTP
Configure Failover Support for a Connect:Direct Environment
Secure Proxy Engine 1 Configuration for Connect:Direct
Secure Proxy Engine 2 Configuration for Connect:Direct
Configure Failover Support for an SFTP Environment
Secure Proxy Engine 1 Configuration for SFTP
Secure Proxy Engine 2 Configuration for SFTP
Failover Support Properties
Change Failover Support Properties
Configure Secure Proxy for Sterling External Authentication Server
Configure a Sterling External Authentication Server Connection
Specify Alternate Sterling External Authentication Servers for Failover Support
Use a Perimeter Server to Connect to Sterling External Authentication Server
Configure JMS queue
Create a JMS queue configuration
Edit, copy, or delete a JMS queue configuration
Enable JMS queue
Configuring Open Server Architecture (OSA)
Create OSA configuration
Enabling Control IBM Sterling Center OSA support via SSP CM command-line
OSA JSON message format
Sample startCM
Implementation scenarios
Secure Proxy Block Listing
Create a new IP Address Blocklist
Delete an IP Address Blocklist
Copy an IP Address Blocklist
Create a new UserID Blocklist
Delete a UserID Blocklist
Copy a UserID Blocklist
Associate an IP address Blocklist and a Userid Blocklist with Secure Proxy Engine
Enable SCP (Secure Copy Protocol) support in Secure Proxy (V3.4.2, interim fix 3, and higher)
Dynamic HTTP/FTP/SFTP (UserID - based) routing
Dynamic HTTP (Inbound node - based) routing
FTP Reverse Proxy configuration
Complete FTP Scenario Worksheets
Complete and Test FTP Configuration Scenarios
Create a Basic FTP Configuration
Basic FTP Configuration Worksheet
Create an FTP Policy
Create an FTP Netmap
Define the FTP Adapter Used for the Connection
What You Defined with the Basic FTP Configuration Scenario
Variations on the Basic FTP Configuration
Define Connection Requirements Between Secure Proxy and Inbound FTP Nodes
Define Inbound Node Connection Definitions for an FTP Connection
Add SSL/TLS Support for an FTP Connection
SSL/TLS Support Worksheet
Secure the Inbound FTP Connection Using a TLS or SSL Protocol
Enable a Clear Control Channel for an Inbound FTP Node Connection
Secure the Outbound FTP Connection Using a TLS or SSL Protocol
Variations on the Add SSL/TLS Support on the Outbound Node
Enable a Clear Control Channel for an Outbound FTP Node Connection
Add Local User Authentication to the FTP Inbound Connection
Add Local User Authentication to the Inbound FTP Connection
Add Credentials to the Local User Store
Connect to the Outbound FTP Server Using Credentials from the Netmap
Strengthen Authentication of an FTP Node Using Sterling External Authentication Server
Authenticate the Inbound FTP Node Using Sterling External Authentication Server
Connect to Outbound FTP Server Using Sterling External Authentication Server Worksheet
Connect to the Outbound Node Using Information Stored in Sterling External Authentication Server
Test the Inbound and Outbound FTP Connections
Route an Outbound FTP Connection to Alternate Sterling B2B Integrator Servers
Define a Passive Data Outbound Port Range for an FTP Reverse Proxy Adapter
Define a Passive NAT Address for an FTP Reverse Proxy Adapter
Define an Active Data Outbound Port Range for an FTP Reverse Proxy Adapter
Use IP Address from a PASV Response For Outbound Data Connections
FTP Proxy Single Sign-on configuration
Configure the Basic Scenario to Enable a Connection to Sterling B2B Integrator for FTP
Configure Advanced Features for FTP
Configure Optional Features for FTP
Basic Single Sign-On Scenario for FTP
Configure Secure Proxy for Basic Single Sign-On for FTP
Create an FTP Policy to Support a Single-Sign On Connection for FTP
Create an FTP Netmap to Support a Single Sign-On Connection to Sterling B2B Integrator for FTP
Define the FTP Adapter Used for the Single Sign-On Connection for FTP
Verify the Secure Proxy Connections for FTP SSO
Advanced Features of the Single Sign-On Configuration for FTP
Allow a Third-Party Provider to Create Tokens for FTP
Configure Sterling External Authentication Server to Enable a Third-Party Provider to Create Tokens for FTP
Customize Token Definitions Created by Sterling External Authentication Server for FTP
Configure Sterling B2B Integrator or Sterling File Gateway When Using Basic Authentication for the Use of Multiple Sterling External Authentication Servers
HTTP Reverse Proxy configuration
Complete and Test HTTP Configuration Scenarios
Complete Scenario Worksheets
Create a Basic HTTP Configuration
Create an HTTP Policy
Create an HTTP Netmap
Define the HTTP Adapter Used for the Connection
What You Defined with the Basic HTTP Configuration Scenario
Variations on the Basic HTTP Configuration
Define Inbound HTTP Node Connection Definitions
Add SSL/TLS Support for an HTTP Connection
Secure the Inbound HTTP Connection Using the SSL or TLS Protocol
Secure the Outbound HTTP Connection Using the SSL or TLS Protocol
Add Local User Authentication to the HTTP Connection
Enable Local User Authentication to an HTTP Inbound Connection
Add Credentials to the Local User Store for an HTTP Connection
Provide Credentials to the Outbound HTTP Node Using the Netmap
Configure Name and Password to Connect to the Outbound HTTP Server in the Netmap
Strengthen Authentication for an HTTP Connection Using Sterling External Authentication Server
Authenticate the Inbound HTTP Node Using Sterling External Authentication Server
Connect to the Outbound HTTP Server Using Sterling External Authentication Server Worksheet
Connect to the Outbound HTTP Server Using Information Stored in LDAP
Test the Inbound and Outbound HTTP Connections
Security headers
Block Common Exploits
Change the Values to Block in a URL String
Map a URL in HTML Content from the Outbound Server
Configure HTTP Rewrite to Support the Sterling B2B Integrator Dashboard
Configure HTML Rewrite
Define Alternate Nodes for Failover Support for an Outbound HTTP Connection
About Configure Management Host Header Checking
PeSIT Proxy configuration
Complete Scenario Worksheets
Complete and Test Configuration Scenarios
Create a Basic PeSIT Configuration
Create a Basic PeSIT Policy
Create a PeSIT Netmap
Define the PeSIT Adapter Used for the Connection
What You Defined with the Basic PeSIT Configuration Scenario
Add SSL/TLS Support
Secure the PeSIT Connection Using the SSL or TLS Protocol
Variation on the Add SSL/TLS Support Configuration
Allow Different Levels of Encryption for the Inbound and Outbound Node
Configure PNODE-Based Routing Overview
Configure PNODE-based Routing
Configure Mixed Routing
Configure PNODE Specified and Then Standard (Mixed) Routing
Add Local User Authentication to a PeSIT Connection
Add User Authentication to the PeSIT Inbound Connection
Add Credentials to the Local User Store
Strengthen LogonID Authentication Using Sterling External Authentication Server
Authenticate a PeSIT Certificate or LogonID Using Sterling External Authentication Server
Strengthen the Connection to the SNODE With LogonID Mapping
Perform LogonID Mapping Using Information Stored in Sterling External Authentication Server
Configure Certificate-Based Routing
Configure Certificate-Based Routing in Secure Proxy
Test the PeSIT Connections
Define Alternate Nodes for Failover Support
Record an Error Message or Shut Down a Connection Based on Protocol Errors
Block PeSIT Command from a PNODE
Change the Logging Levels
Use Perimeter Servers to Manage PeSIT Communications
Modify Properties in an Adapter Definition
Provide Credentials to the Outbound PeSIT Node Using the Netmap
Copy a PeSIT Node
Reverse Proxy Single Sign-On configuration
Configure the Basic Scenario to Enable a Connection to the myFileGateway Application
Configure Optional Features for SSO Using HTTP
Configure Advanced Features
Basic Single Sign-On Scenario for myFileGateway
Configure Secure Proxy for Basic Single Sign-On
Create an SSO Configuration
create an http policy to support a single-sign on connection
Create an HTTP Netmap to Support a Single Sign-On Connection to myFileGateway
Define the HTTP Reverse Proxy Adapter Used for the Single Sign-On Connection
Configure Sterling External Authentication Server to Support Single Sign-On
Prepare Sterling File Gateway to Support Single Sign-On on UNIX or Linux
Modify Sterling File Gateway to Support Single Sign-On on UNIX or Linux
Prepare Sterling File Gateway to Support Single Sign-On on Microsoft Windows
Modify Sterling File Gateway to Support Single Sign-On on Microsoft Windows
Verify That Sterling File Gateway is Configured for Single Sign-On
Verify the Secure Proxy Connections
Configure Advanced Features for SSO Using HTTP
Customize the SSO Cookie Attributes
Allow a Third-Party Provider to Create Tokens
Configure Sterling External Authentication Server to Enable a Third-Party Provider to Create Tokens
Customize Secure Proxy to Use a Login Portal of a Third-Party Application
Customize Token Definitions Created by Sterling External Authentication Server
Configure Sterling B2B Integrator or Sterling File Gateway When Using Basic Authentication for the Use of Multiple Sterling External Authentication Servers
Configure Single Sign-On for Sterling File Gateway
Create an SSO Configuration for Sterling File Gateway
Create an HTTP Policy to Support SSO for Sterling File Gateway
Define the HTTP Netmap for Sterling File Gateway
Configure HTML Rewrite for SSO
Configure an HTTP Adapter for Sterling File Gateway
Create User Accounts in Sterling File Gateway
Verify That Sterling File Gateway is Configured for Single Sign-On
Configure Single Sign-On for Sterling B2B Integrator Dashboard
Create an SSO Configuration for Sterling B2B Integrator Dashboard
Create an HTTP Policy to Support SSO for Sterling B2B Integrator Dashboard
Define the HTTP Netmap for Sterling B2B Integrator Dashboard
Configure HTML Rewrite for Sterling B2B Integrator Dashboard
Configure an HTTP Adapter for Sterling B2B Integrator Dashboard
Create User Accounts in Sterling B2B Integrator
Verify the Secure Proxy Connections
Create an HTTP Policy to Support a Single-Sign On Connection
Add Single Sign-On Support for Basic Authentication Applications on Sterling B2B Integrator
Create an SSO Configuration for a Basic Authentication Application
Define the HTTP Netmap for a Basic Authentication Application
Configure an HTTP Adapter for a Basic Authentication Application
Create Basic Authentication Application User Accounts in Sterling B2B Integrator
Verify the Secure Proxy Connections
Customize the Logon Portal
Common User Tasks Managed by the Logon Portal
Workflow When the User Initiates a Password Change
Workflow When a User Password is Expired or Must Change
Workflow When the User Provides Invalid Logon Credentials
Workflow When a User Account is Locked
Workflow When the User Cannot Change Password
Configuration Considerations for Logon Portal
Organization of Logon Portal Customization Scenarios
Customize the Login Page
Customize the Welcome Page
Configure Secure Proxy to Skip the Welcome Page
Customize the Change Password Page for HTTP SSO
Customize the Logout Page
Customize Password Policy Page
Customize User Messages
Configure the Forgot Your User ID or Password Page
Configure Secure Proxy to Use External Logon Portal
Configuration considerations to log out to an external portal using SAML 2.0
SFTP Proxy Single Sign-On configuration
Configure the Basic Scenario to Enable a Connection to Sterling B2B Integrator
Configure Optional Features
Basic Single Sign-On Scenario
Configure Secure Proxy for Basic Single Sign-On
Create an SFTP Policy to Support a Single-Sign On Connection For SFTP
Create an SFTP Netmap to Support a Single Sign-On Connection to Sterling B2B Integrator for SFTP
Define the SFTP Adapter Used for the Single Sign-On Connection for SFTP
Configure Sterling External Authentication Server to Support Single Sign-On
Prepare Sterling B2B Integrator to Support Single Sign-On
Verify the Secure Proxy Connections
Configure Advanced Features
Allow a Third-Party Provider to Create Tokens
Configure Sterling External Authentication Server to Enable a Third-Party Provider to Create Tokens
Customize Token Definitions Created by Sterling External Authentication Server
Configure Sterling B2B Integrator or Sterling File Gateway When Using Basic Authentication for the Use of Multiple Sterling External Authentication Servers
SFTP Reverse Proxy configuration
Complete and Test SFTP Configuration Scenarios
Create a Basic SFTP Configuration
Create an SFTP Policy
Create an SFTP Netmap
Define the Adapter for the SFTP Connection
What You Defined with the Basic SFTP Configuration Scenario
Variations on the Basic SFTP Configuration
Define SFTP Connection Requirements Between Secure Proxy and Inbound Nodes
Define Inbound Node Connection Definitions
Authenticate an Inbound SFTP Node Against Information Stored in the Local User Store
Add Local Authentication to the Inbound Node Using Password Information
Authenticate an Inbound Node Using Key Information
Authenticate an Inbound Node by Comparing Either a Password or a Key to the Local User Store
Authenticate an Inbound Node by Comparing Both a Password and a Key to the Local User Store
Provide User Mapping Using the Netmap
Connect to the Outbound Server Using Credentials from the Netmap
Strengthen the SFTP User Authentication Using Sterling External Authentication Server
Authenticate the Inbound User ID and Password Using Sterling External Authentication Server
Authenticate the Inbound User ID and Key Using Sterling External Authentication Server
Authenticate the Inbound User ID and Security Code Using Sterling External Authentication Server
Strengthen the Outbound SFTP Connection With Sterling External Authentication Server User Mapping
Connect to the Outbound SFTP Node Using Information Stored in LDAP
Test the Inbound and Outbound Connections
Route an Outbound Connection to Alternate SFTP Servers
Connect:Direct Proxy configuration
Completing scenario worksheets
Completing and testing configuration scenarios
Create a Basic Connect:Direct Configuration
Basic Connect:Direct configuration worksheet
Creating a basic Connect:Direct policy
Creating a Connect:Direct netmap
Defining the Connect:Direct adapter used for the connection
What you defined with the basic Connect:Direct configuration scenario
Add SSL or TLS Support
Securing the Connect:Direct connection by using the SSL or TLS protocol
Variation on the add SSL or TLS support configuration
Configuring different levels of encryption for the inbound and outbound nodes
Configure PNODE-based routing overview
Configuring PNODE-based routing
Configure dynamic PNODE-based routing
Configure mixed routing
Configuring PNODE specified and then standard (mixed) routing
Add local user authentication to a Connect:Direct connection
Adding user authentication to the Connect:Direct inbound connection
Adding credentials to the local user store
Copying data or running a program based on the success or failure of a Process step (step injection)
Configure a Step Injection
Configure step injections worksheet
Use Variables in a Step Injection Definition
Associate a Step Injection With a Connect:Direct Node
Block Connect:Direct Tasks Allowed on a Node
Strengthen User Authentication Using Sterling External Authentication Server
Authenticate a Connect:Direct Certificate or User Using Sterling External Authentication Server
Strengthen the Connection to the SNODE With User Mapping
Perform User Mapping Using Information Stored in Sterling External Authentication Server
Configure Certificate-Based Routing
Summary of Certificate-Based Routing
Configure Certificate-Based Routing in Secure Proxy
Test the Connect:Direct Connections
Additional Connect:Direct Configuration Options
Define Alternate Nodes for Failover Support
Configure IP Address Checking (Netmap Check)
Record an Error Message or Shut Down a Connection Based on Protocol Errors
Connect:Direct Proxy Single Sign-on configuration
Configure the Basic Scenario to Enable a Connection to Sterling B2B Integrator
Configure Advanced Features
Configure Optional Features
Basic Single Sign-on Scenario
Configure Secure Proxy for Basic Single Sign-On
Configure Sterling External Authentication Server to Support Single Sign-On
Prepare Sterling B2B Integrator to Support Single Sign-On
Modify Sterling B2B Integrator to Support Single Sign-On
Change Sterling B2B Integrator User Accounts Single Sign-On
Verify the Secure Proxy Connections for Connect:Direct SSO
Allow a Third-Party Provider to Create Tokens
Configure Sterling External Authentication Server to Enable a Third-Party Provider to Create Tokens
Customize Token Definitions Created by Sterling External Authentication Server
Implementing Secure Proxy's HTTP proxying capabilities
ICAP Anti-Virus Scanning
Create a new ICAP Configuration
Virus and Malware scanning: Caveats and Known Considerations
SOCKS5 Configuration
Create a new SOCKS5 Configuration
Activating SOCKS5 proxy server with Netmap
Administering
Using Configuration Manager
Change the Password for a CM User
Change the CM Passphrase in Microsoft Windows
Change the CM Passphrase on UNIX or Linux
Change the Listen Port on CM
Modify the Listener Settings for CM
Modify Security Settings for CM
Modify Logging for Sessions Between CM and the Web Server
Modify Connection Settings for Sessions Between CM and the Web Server
Manual Backup
Restore CM State
Unlock a CM Component
Modify the Timeout Value for a CM Session
Uninstall CM from UNIX or Linux
Uninstall CM from Microsoft Windows
Change the User Store Associated With an Engine
Change the Logging Level for a Connect:Direct Node
Change the Logging Level for an Inbound Node
Change the Logging Level for an Outbound Node
Change the Logging Level for a Local Perimeter Server
Modify Properties in an Adapter Definition
Managing The Engine
View Configured Engines
Create a new engine
Change the Engine Passphrase on Microsoft Windows
Configure the Refresh Interval Between CM and Engines
Update the Monitor Display of Engine Information
Manually Send a Configuration File to an Engine
Change the Listen Port for an Engine
Change the IP Address for an Engine
Change the Logging Level for an Engine
Uninstall the Engine from UNIX or Linux
Uninstall the Engine from Microsoft Windows
Copy and Delete Engines, Adapters, Netmaps, Nodes, and Policies
Copy an Engine, Adapter, Netmap, or Policy
Copy a Node
Delete an Engine, Adapter, Netmap, or Policy
Delete an Inbound Node or Outbound Node
Delete a Connect:Direct Node
Filter a Node List
Monitor Configured Adapters
Start an Adapter from CM
Stop an Adapter from CM
Modify heap size
Modify the CM Heap Size on UNIX or Linux
Modify the CM Heap Size on Microsoft Windows
Modify the CM Heap Size on Microsoft Windows Using the Command Line
Modify Engine Heap Size on UNIX or Linux
Modify Engine Heap Size on Microsoft Windows
Logging
Audit Log Overview
Audit Log Parameters
Enabling SysLog Support in the Audit Log
SSP Engine Audit log messages
Secure Proxy Log Overview
Secure Proxy Log Parameters
Secure Proxy File Output
System Out Logs
Node Logs
Perimeter Server Log
Maverick Log
SFTP Adapter Log
Securing
Manage User Accounts and Passwords
Manage Password Policies
Create a Password Policy
Edit a Password Policy
Copy a Password Policy
Delete a Password Policy
Manage CM User Accounts
Create a CM User Account
Edit a CM User Account
Delete a CM User Account
Manage User Stores and User Accounts
Create a User Store
Modify the User Account Locking Value in the User Store
Copy a User Store
Delete a User Store
Copy a CM User Account
Create an Engine User Account
Add SSH Keys to a User Account
Edit an Engine User Account
Copy an Engine User Account
Delete an Engine User Account
Certificates
IBM Key Management Utility (iKeyman)
About SSL/TLS Certificates
Implement Certificates that Use a Common Certificate Authority
Implement Self-Signed Certificates
Implement Self-Signed Certificates with Different Certificates for Inbound and Outbound Connections
Configure a Secure Connection to Sterling External Authentication Server Server
Use Multiple Key Stores in Secure Proxy
Import a Public Certificate into a Trusted Certificate Store
Import Private Keys into a System Certificate Store
Create a New Trusted Certificate Store
Create a New System Certificate Store
Store System Certificates on a Hardware Security Module (HSM)
Configuring an HSM for use with Secure Proxy
Self-Signed Certificates
Import a Certificate
Export a Certificate
Obtain a Certificate from the HSM Device
Store a Certificate on the HSM Device
Copy a Certificate
Delete a Certificate
List Key Certificates on the HSM Device
Load References to Keys on the HSM into the Secure Proxy System Certificate Store
Update the HSM Password for HSM Key Certificates Stored in the Secure Proxy System Store
Manage CSRs
Create a CSR
Update a CSR
Delete a CSR
List CSRs on the CM Store
Retrieve a CSR to Send to a Certification Authority
Retrieve the CA-signed Certificate
Manage Configuration Manager Certificates
Certificate formats used with Secure Proxy
Use a Common Certificate for the Engine and CM
Replace the Factory Certificate with a Common Certificate on UNIX or Linux
Replace the Factory Certificate with a Common Certificate on Microsoft Windows
Use Different Certificates for the Engine and CM
Replace the Factory Certificate with an Engine Certificate and CM Certificate on UNIX or Linux
Replace the Factory Certificate with an Engine and CM Certificate on Microsoft Windows
Configuration Utilities
SSH/SFTP
SSH Key Implementation Models Using SSP
Use Server Authentication for Inbound and Outbound Connections
Implement Public Key User Authentication for Inbound and Outbound Connections
Manage Local Host Key Stores and Keys
Create a Local Host Key Store and Import a Key
Edit a Local Host Key
Copy a Local Host Key
Delete a Local Host Key
Copy a Local Host Key Store
Edit a Local Host Key Store
Delete a Local Host Key Store
Manage Authorized User Key Stores and Keys
Create an Authorized User Key Store and Import a Key
Edit an Authorized User Key
Create an Authorized User Key Store and Import a Key
Delete an Authorized User Key
Copy an Authorized User Key Store
Edit an Authorized User Key Store
Delete an Authorized User Key Store
Manage Known Host Key Stores and Keys
Create a Known Host Key Store and Import a Key
Edit a Known Host Key
Copy a Known Host Key
Delete a Known Host Key
Copy a Known Host Key Store
Edit a Known Host Key Store
Delete a Known Host Key Store
Manage Local User Key Stores and Keys
Create a Local User Key Store and Import a Key
Edit a Local User Key
Copy a Local User Key
Delete a Local User Key
Copy a Local User Key Store
Edit a Local User Key Store
Delete a Local User Key Store
Using the Secure Proxy change password portal
Change Password Portal Page Flow
Define the change password portal
Create an SSO Configuration for Change Password Portal
Define a policy for change password portal
Define a Netmap for Change Password Portal
Define an HTTP adapter for Change Password Portal
Customization of change password portal for FTP
Customize the Login Page
Customize the Logout Page
Customize Password Policy Page for FTP
Customize User Messages
Configure the Forgot Your User ID or Password Page
Configure Secure Proxy to Use External Logon Portal
Customization of change password portal for SFTP
Customize the Login Page
Customize the Change Password Page
Customize the Logout Page
Customize Password Policy Page
Customize User Messages
Configure the Forgot Your User ID or Password Page
Configure Secure Proxy to Use External Logon Portal
Customization of change password portal for Connect:Direct protocol
Customize the Change Password Page
Customize the Login Page
Customize the Logout Page
Customize Password Policy Page
Customize User Messages
Configure the Forgot Your User ID or Password Page
Configure Secure Proxy to Use External Logon Portal
APIs
Getting Started
Sample Programs
Sample Programs Detail
REST API request headers
REST API response headers
REST API HTTP return codes
CM Config REST API
Import CM configuration objects
Export SSP CM configuration objects
Adapter REST API
POST Create Adapter
DELETE Adapter
GET Adapter
GET Get All Adapters
PUT Update Adapter
PUT Import Adapters
GET Export Adapters
Blocklist REST API
POST Create Blocklist
DELETE Blocklist
GET All IP Blocklist Profiles
GET All UserId Blocklist Profiles
GET All Blocklist Profiles
GET Blocklist
PUT Update Blocklist Profile
PUT Import Blocklists
GET Export Blocklist
EA Server REST API
POST Create EA Server
PUT Update EA Server
GET All EA Server Names
DELETE EA Server
GET EA Server
PUT Import EAServers
GET Export EAServers
Engine REST API
POST Create Engine
GET All Engines
GET Engine
PUT Update Engine
DELETE Engine
PUT Import Engines
GET Export Engines
ICAP Configuration REST API
POST Create ICAP Configuration
DELETE ICAP Configuration
GET ICAP Configuration
GET Get All ICAP Configuration
PUT Update ICAP Configuration
PUT Import ICAP Configuration
GET Export ICAP Configuration
KeyStore REST API
POST Create KeyStore
Delete KeyDef Entry
DELETE KeyStore
GET All KeyStores
GET KeyStore
PUT Modify KeyDef Entry
PUT Update KeyStore
POST Add KeyDef Entry
PUT Import KeyStores
GET Export KeyStores
Netmap REST API
POST Create Netmap
DELETE Netmap
DELETE Netmap Node Entry
GET All Netmaps
GET Netmap
PUT Modify Netmap Node Entry
PUT Update Netmap
POST Add Netmap Node Entry
PUT Import Netmaps
GET Export Netmaps
Password Policy REST API
POST Create Password Policy
DELETE Password Policy
GET All Password Policy Names
GET Password Policy
PUT Update Password Policy
PUT Import PasswordPolicies
GET Export PasswordPolicies
Perimeter Server REST API
POST Create Perimeter Server
DELETE Perimeter Server
GET All Less Secure Perimeter Server Names
GET All More Secure Perimeter Server Names
GET All Perimeter Server Names
GET Perimeter Server
PUT Update Perimeter Server
PUT Import PerimeterServers
GET Export PerimeterServers
Policy REST API
POST Create Policy
DELETE Policy
GET All Policies
GET Policy
PUT Update Policy
PUT Import Policies
GET Export Policies
System Accepter REST API (part of System Settings)
GET Accepter
PUT Update Accepter
PUT Import Accepters
GET Export Accepters
User Store REST API
POST Create User Store
DELETE User Store
GET All User Store Names
GET User Store
PUT Update User Store
GET Export User Stores
PUT Import User Stores
System SSL Info REST API
GET System SSL Info
PUT Update System SSL Info
PUT Import System SSL Info
GET Export System SSL Info
System Globals REST API (part of System Settings)
GET System Globals
PUT Update System Globals
PUT Import System Globals
GET Export System Globals
System Config User REST API
POST Create Config User
DELETE Config User
GET All Config User Names
GET Config User
PUT Update Config User
PUT Import Config Users
GET Export Config Users
StepInjection REST API
POST Create StepInjection
DELETE StepInjection
GET All StepInjections
GET StepInjection
PUT Update StepInjection
PUT Import StepInjections
GET Export StepInjections
SSO Config REST API
POST Create SSO Config
DELETE SSO Config
GET All SSO Config Names
GET SSO Config
PUT Update SSO Config
PUT Import SSO Configs
GET Export SSO Configs
Session REST API
DELETE Session
GET Session
POST Create Session
SOCKS5 Proxy Server REST API
POST Create SOCKS5 Proxy
PUT Update SOCKS5 Proxy Server
GET All SOCKS5 Proxy Server Names
DELETE SOCKS5 Proxy Server
GET SOCKS5 Proxy Server
PUT Import SOCKS5 Proxy Servers
GET Export SOCKS5 Proxy Servers
Reference
Secure Proxy Engine Configuration - Basic
Secure Proxy Engine Configuration - Advanced
Secure Proxy Engine Configuration - Properties
Connect:Direct Adapter Configuration - Basic
Connect:Direct Adapter Configuration - Advanced
Connect:Direct Adapter Definition - Properties
Connect:Direct Netmap Definition
Connect:Direct Netmap Node Definition - Basic
Connect:Direct Netmap Node Definition - Security
Connect:Direct Netmap Node Definition - Advanced
Connect:Direct Netmap Definition - IP Check
Connect:Direct Netmap Definition - Routing Nodes
Connect:Direct Policy Configuration - Basic
Connect:Direct Policy Configuration - Advanced
Connect:Direct Policy Definition - Step Permissions
FTP Adapter Definition - Basic
FTP Adapter Definition - Advanced
FTP Adapter Definition - Custom
FTP Adapter Definition - Properties
FTP Netmap Definition
FTP Netmap Inbound Node Definition - Basic
FTP Netmap Inbound Node Definition - Security
FTP Netmap Inbound Node Definition- Advanced
FTP Netmap Outbound Node Definition - Basic
FTP Outbound Node Definition - Security
FTP Netmap Outbound Node Definition - Advanced
FTP Policy Configuration - Basic
FTP Policy Configuration - Advanced
HTTP Adapter Configuration - Basic
HTTP Adapter Definition - Advanced
HTTP Adapter Definition - Properties
HTTP Netmap Definition
HTTP Netmap Inbound Node Definition- Basic
HTTP Netmap Inbound Node Definition- Security
HTTP Netmap Inbound Node Definition- Advanced
HTTP Netmap Inbound Node Definition- Routing Node
HTTP Netmap Outbound Node Definition - Basic
HTTP Netmap Outbound Node Definition - Advanced
HTTP Netmap Outbound Node Definition - Security
HTML Rewrite Definition
HTTP Policy Configuration- Basic
HTTP Policy Configuration- Advanced
SFTP Adapter Configuration - Basic
SFTP Adapter Configuration - Security
SFTP Adapter Configuration - Advanced
SFTP Adapter Definition - Properties
SFTP Netmap Definition
SFTP Netmap Inbound Node Definition - Basic
SFTP Netmap Inbound Node Definition- Advanced
SFTP Netmap Outbound Node Definition - Basic
SFTP Netmap Outbound Node Definition - Advanced
SFTP Netmap Outbound Node Definition - Security
SFTP Policy Configuration - Basic
SFTP Policy Configuration - Advanced
Monitoring Engine Status (All)
Monitoring Engine Detail
Trusted Certificate Store Configuration
Trusted Certificate Configuration
System Certificate Store Configuration
System Certificate Configuration
Authorized User Key Store Configuration
Authorized User Key Configuration
Known Host Key Store Configuration
Known Host Key Configuration
Local User Key Store Configuration
Local User Key Configuration
Local Host Key Store Configuration
Local Host Key Configuration
User Store Configuration
User Configuration - Basic
User Configuration - Advanced
Perimeter Servers Field Definitions
Secure Proxy Sterling External Authentication Server Configuration - Basic
Secure Proxy Sterling External Authentication Server Configuration - Security
Secure Proxy Sterling External Authentication Server Configuration - Advanced
Connect:Direct Step Injection Configuration
Password Policy Field Definitions
ICAP Configuration Field Definitions
SSO Configuration - Basic
SSO Configuration - Advanced
SSO Configuration - Logon Portal
SSO Configuration - Properties
CM Trusted Certificate Store Configuration
CM Trusted Certificate Configuration
CM System Certificate Store Configuration
CM System Certificate Configuration
CM User Configuration
System Settings - Listeners
System Settings - Security
System Settings - Globals
System Settings - JMS configuration
System Settings - HTTP Security
System Settings - Lock Manager
System Settings - ICC OSA Monitoring
System Settings - SSO Tokens
PeSIT Adapter Configuration - Basic
PeSIT Adapter Configuration - Advanced
PeSIT Adapter Definition - Properties
JMS Queue Message Format Field Definitions
BlockList Field Definitions