Install and Setup the WSSL Proxy
WSSL (Web Secure Session Launcher) Proxy is a Sectona PAM component that enables secure HTTPS (443/9443) access to PAM.
Before you Begin
The two major components that make PAM, Sectona Web Access and Vault Storage Host are installed and setup.
Depending on the server configuration you will have to install the Sectona Component, Remote Access Publisher. An external server in the DMZ network would be required to be installed in order to configure both, the RAP component as well as the WSSL proxy component on this server.
Install the Remote Access Publisher Component
The Remote Access Publisher component can be downloaded from an internal link that can be accessed only by request. Get in touch with the Sectona Support team on help@sectona.com.
Run the RAP installer and browse the location to save the component file.
Configure the Sectona RAP by opening the Sectona.RAP.Configuration.exe file. Enter the following details :-
Source IP | The IP address for the Remote Access Publisher component. |
Source Port | The port for the Remote Access Publisher component. |
Remote Host | The IP address of the PAM application |
Remote Port | The port of the PAM application |
Valid Till | Click on the check-box this if there is a expiration requirement. Otherwise you may keep it unchecked and keep the configuration details as the permanent settings. |
Active | Check-box is set by default. |
Save/Cancel | Click on Save to save the configuration. |
After saving, the details can be viewed in RAP-Configuration window.
Restart the Sectona Remote Access Publisher service located in the Services window.
Install the Vault WSSL Proxy Component
Login to the Sectona portal.
On the Platform Configuration page, under the System section, click on About.
Click on the components tab.
Download the WSSL Proxy Host component by clicking on the download icon.
Run the installer and install the Prerequisite components by clicking on window that are missing.
Accept the license agreement
Enter the following details in the form displayed.
Installation Directory | Browse a custom directory or leave the default directory. |
Site Name | Set a custom Site Name |
IIS Pool | The Pool name is replicated from the Site name. |
Port No. | Enter a custom port, default is set to 9443 |
Checkbox | Skip IIS Feature Installation if already present |
Certificate | Select the configured certificate identical to the PAM Server |
After entering the correct details click on Next.
Select the "Do Not Harden" option.
The progress bar of the installation will be displayed. After completing 100% click on Next.
Click on the link displayed to connect to Sectona PAM via WSSL Proxy.
Configure WSSL Proxy Component in PAM
Login to the Sectona Portal and select PAM from the Product Navigator.
Click on Setup from the Navigation Bar.
Select Landing and Proxy Server from the sidebar.
Click on Add Proxy → WSSL Proxy from the menu from the top right.
Enter the following details in the form displayed.
Server Name | Enter the name of the Server. |
Host Name | Enter Host Name |
IP Address | Enter the internal IP Address of the server where PAM is located. |
Port No | Enter the same port number as set during installation, default is set to 9443 |
Filter | Filter assets by IP Segment or Location. |
All Assets | Checkbox to select All Assets |
All Instances | Checkbox to select All Instances |
Log Server | Select the Log Server from the menu or select the checkbox for default. |
Availability Check | Select Active |
Status | Set to Active by default. |
Click on Save.
Click on Manage and click on User Management → User section in the sidebar.
Check the User Access Policy of the selected User by click on Policies from the Navigation Bar.
Enter the name of the User Access Policy in Search and click on its respective Action button.
Select the Access Type from the drop-down menu and under the Permission menu select the Enforce WSSL option.
Click on Save