There are two scenarios in which you can configure the session proxy and web session proxy in your environment. Both are part of a single component that ships with the default Sectona Web Access component and can also be installed independently to serve multi-site or high-availability scenarios. This section covers:

Before you begin

Using internal Session Proxy or Web Session Proxy

  • Navigate to System → Landing & Proxy Server.

  • Select the pre-configured session proxy or web session proxy detail.

  • Provide a proxy reference name like Primary Proxy.

  • Port No: Default port for internal session proxy is 22 and for web session proxy is 1080. You can configure the port.

  • IP Segment / Location: If you wish to route all traffic from local machines to target assets with this session proxy, set it to All Asset. You can also select specific locations / IP segments to use a specific session proxy.

  • Instances: Select applicable instances for this proxy configuration.

  • Log Server: Specify the node where logs generated by access through this proxy should be stored. The system provides a list of all configured nodes (HA / DR / Remote Sites) to select from.

  • Availability Check: Enable this option if you have multiple proxies configured to access the target asset environment. This enables internal load balancing and a reachability check before the connection is initiated.

  • Session proxy is configured and activated by default in the system at the time of installation.

  • The system automatically routes web application traffic via web session proxy.

Using external Session Proxy or Web Session Proxy

  • Install the external proxy component on the server.

  • Navigate to the default installation folder of the proxy and locate Sectona.Vault.SessionProxyHost.Config.xml.

  • Open the file in any text editor and edit the IP Address in the field for the IP of your proxy server.

  • Navigate to System → Landing & Proxy Server.

  • Upload the XML file that was generated when the session proxy was installed on the external server.

  • A pop-up displays the proxy server configuration data to be imported with Sectona Web Access.

  • Edit any required fields, but leave the password field exactly as imported.

  • Provide a proxy reference name like Primary Proxy.

  • Port No: Default port for internal session proxy is 22 and for web session proxy is 1080. You can configure the port.

  • IP Segment / Location: If you wish to route all traffic from local machines to target assets with this session proxy, set it to All Asset. You can also select specific locations / IP segments to use a specific session proxy.

  • Instances: Select applicable instances for this proxy configuration.

  • Log Server: Specify the node where logs generated by access through this proxy should be stored. The system provides a list of all configured nodes (HA / DR / Remote Sites) to select from.

  • Availability Check: Enable this option if you have multiple proxies configured to access the target asset environment. This enables internal load balancing and a reachability check before the connection is initiated.

Adding NAT Settings for Session Proxy

When a user accesses PAM from a network other than the one in which PAM resides, the session should still be routed through PAM. To ensure this, configure NAT for proxy sessions on the PAM.

  • Navigate to Configuration → Landing & Proxy Server.
  • Click on the Action button of Session Proxy or Web Session Proxy and select Server NAT.
  • In the IP range field, add the IP range of the device you wish to access via Session Proxy or Web Session Proxy.
  • In the Virtual IP field, fill in the IP address of the proxy server.
  • In the Virtual Port field, fill in the port of the access type you have configured to get access via proxy server.
  • Tick the Over LAN checkbox if your session proxy port and virtual port are different.
  • Click Save.