Configuring a Session Proxy & Web Session Proxy
There are two scenarios in which you can configure the session proxy and web session proxy in your environment. Both proxies are part of a single component that is included in the default Sectona Web Access component and can also be installed independently to serve multi-site or high availability scenarios. This section covers the following:
- Before you begin
- Using internal Session Proxy or Web Session Proxy
- Using external Session Proxy or Web Session Proxy
- Adding NAT Settings for Session Proxy
Before you begin
You have already installed the Sectona Web Access or External Proxy. Refer to the Installation Section for more details.
Ensure the PAM server can communicate with the jump server as per the communication requirements mentioned in Standard Port Requirement for Installation.
Using internal Session Proxy or Web Session Proxy
Navigate to System → Landing & Proxy Server.
Select the pre-configured session proxy or session web proxy detail.
Provide a proxy reference name like Primary Proxy.
Port No: The default port for an internal session proxy is 22, and for a web session proxy is 1080. You can configure the port.
IP Segment / Location: If you wish to route all traffic from local machines to target assets with this session proxy, set it to All Asset. You can select specific locations / IP segments to use a specific session proxy.
Instances: Select applicable instances for this proxy configuration.
Log Server: Specify the node where logs generated by access through this proxy should be stored. The system lists all configured nodes (HA / DR / Remote Sites) for selection.
Availability Check: Enable this option if multiple proxies are configured to access the target asset environment. This enables internal load balancing and reachability checks before the connection is initiated.
A session proxy is configured and activated by default in the system at the installation time.
The system automatically routes web application traffic via a web session proxy.
Using external Session Proxy or Web Session Proxy
Install the external proxy component on the server.
Navigate to the default path where the proxy is installed and search for Sectona.Vault.SessionProxyHost.Config.xml in the default installation folder.
Open the file in any text editor and edit the IP Address in the field for the IP of your proxy server.
Navigate to System → Landing & Proxy Server.
Upload the XML file that was generated when the session proxy was installed on the external server.
A pop-up shows the proxy server configuration data to be imported into Sectona Web Access.
Edit any required fields, but leave the password field exactly as imported.
Provide a proxy reference name like Primary Proxy.
Port No: The default port for an internal session proxy is 22, and for a web session proxy is 1080. You can configure the port.
IP Segment / Location: If you wish to route all traffic from local machines to target assets with this session proxy, set it to All Asset. You can select specific locations / IP segments to use a specific session proxy.
Instances: Select applicable instances for this proxy configuration.
Log Server: Specify the node where logs generated by access through this proxy should be stored. The system lists all configured nodes (HA / DR / Remote Sites) for selection.
Availability Check: Enable this option if multiple proxies are configured to access the target asset environment. This enables internal load balancing and reachability checks before the connection is initiated.
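A pre-flight reachability check that can be run from the PAM server before relying on the ports and the Availability Check option described above. This is an added example, not Sectona's code and not how the product performs its own check; the proxy names and addresses are constructed placeholders, and the ports are the defaults stated on this page.

```python
import socket
import time

# Constructed sample entries: replace the placeholder addresses with your
# own proxy servers. Ports are the defaults listed on this page.
PROXIES = [
    ("Primary Proxy (session)", "192.0.2.10", 22),
    ("Primary Proxy (web session)", "192.0.2.10", 1080),
    ("DR Proxy (session)", "192.0.2.20", 22),
]


def check_proxy(host, port, timeout=3.0):
    """Return the TCP connect latency in seconds, or None if unreachable."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:
        # Covers refused connections, timeouts, and name resolution errors.
        return None


def reachable_proxies(proxies, timeout=3.0):
    """Return (name, host, port, latency) for reachable entries, fastest first."""
    results = []
    for name, host, port in proxies:
        latency = check_proxy(host, port, timeout)
        if latency is not None:
            results.append((name, host, port, latency))
    return sorted(results, key=lambda entry: entry[3])


if __name__ == "__main__":
    ok = reachable_proxies(PROXIES)
    ok_names = {entry[0] for entry in ok}
    for name, host, port, latency in ok:
        print(f"OK    {name:30} {host}:{port} {latency * 1000:.0f} ms")
    for name, host, port in PROXIES:
        if name not in ok_names:
            # A blocked port here usually means a firewall rule is missing.
            print(f"FAIL  {name:30} {host}:{port} not reachable")
```

A FAIL line for a configured proxy means the port requirement between the PAM server and that proxy is not met, so fix the network path before selecting that proxy for any IP segment.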
Adding NAT Settings for Session Proxy
When a user tries to access PAM from a network different from the one in which PAM exists, the session should still be routed through PAM. To ensure this, configure NAT for proxy sessions on the PAM.
- Navigate to Configuration → Landing & Proxy Server.
- Click on the Action button of Session Proxy or Web Session Proxy and select Server NAT.
- In the IP range field, add the IP range of the device you wish to access via Session Proxy or Web Session Proxy.
- In the Virtual IP field, fill in the IP address of the proxy server.
- In the Virtual Port field, fill in the port of the access type you have configured for access via the proxy server.
- Tick the Over LAN checkbox if your session proxy and virtual ports differ.
- Click Save.