There are two scenarios in which you can configure the session proxy and web session proxy in your environment. Both are part of a single component and of the default Sectona Web access component, and they can be installed independently to serve multi-site or high availability scenarios.
Before you begin
- You have already installed the Sectona RNA Proxy Components. Refer to Installing Sectona RNA Proxy Component for more details.
- Ensure the PAM server can communicate with the RNA Proxy Server as per the communication requirement mentioned in Standard Port Requirement for Installation.
Configuring RNA Proxy Server in Landing & Proxy Server
- Log in to the system and select PAM from the Product Navigator.
- Navigate to Setup → Landing & Proxy Server.
- Select RNA Proxy Server from the list of available server types.
- Enter a Server Name for identification and display purposes (for example, RNA_Server_1).
- In the Host Name field, specify the hostname or fully qualified domain name (FQDN) of the RNA Proxy Server.
- In the Port No field, enter the listening port of the RNA Proxy Server. The default port is 5344, although a custom port can be configured if required.
- Click to automatically generate the authentication Username and Password for the RNA Proxy Server.
- Set the Status to Active to enable the RNA Proxy Server for use.
- Save the configuration to apply the changes.
Configure RNA Proxy Server service parameters
The RNAProxyConfig.ini file contains the configuration parameters for the RNS Proxy Server. This configuration file is located within the ApplicationData directory under the application's installation path and is utilized by the proxy component during initialization and runtime operations to load server-specific settings, communication parameters and operational configurations.
RNAProxyConfig.ini Configuration Structure
[Main]
ServerAddress=0.0.0.0
ServerPort=5344
[SSPServer]
NodeURL=https://localhost
Identifier=
IdentityKey=
[Log]
TraceLog=False
| Configuration Header | Parameter | Default Value | Description |
|---|---|---|---|
| [Main] | ServerAddress | 0.0.0.0 | Specifies the network interface IP address on which the RNS Server Proxy listens for incoming connections. A value of 0.0.0.0 enables listening on all available network interfaces. |
| [Main] | ServerPort | 5344 | Specifies the TCP port on which the RNS Proxy Server listens for incoming connections from RNA Proxy Connectors, PAM Servers, or client applications. This value must match the Port Number configured for the RNA Proxy Server in the Landing & Proxy Server configuration. |
| [SSPServer] | NodeURL | https://localhost | Specifies the base URL of the PAM Server endpoint to which the proxy establishes communication. |
| [SSPServer] | Identifier | <Blank> | Specifies the unique username assigned to the RNA Proxy Server during its configuration in the Landing & Proxy Server. This identifier is used for proxy registration, authentication and identification within the PAM infrastructure when establishing communication with the Server. |
| [SSPServer] | IdentityKey | <Blank> | Specifies the password generated during RNA Proxy Server configuration in the Landing & Proxy Server. This credential is used by the proxy to authenticate with the PAM Server and establish a trusted, secure communication channel. |
| [Log] | TraceLog | False | Enables or disables detailed trace-level logging. When set to True, the proxy generates verbose diagnostic logs for troubleshooting and debugging purposes. |

Any changes made to the RNA Proxy Server configuration require a restart of the Sectona RNA Proxy Server Host service. Open Services Manager (services.msc), locate the service and perform a restart to reload the updated configuration.
Configuring RNA Proxy Connector in Landing & Proxy Server
- Log in to the system and select PAM from the Product Navigator.
- Navigate to Setup → Landing & Proxy Server.
- Select RNA Proxy Connector from the list of available server types.
- Select the corresponding RNA Proxy Server with which the connector will establish a secure connection.
- Enter a Server Name for identification and display purposes (for example, RNA_Server_1).
- In the Host Name field, specify the hostname or fully qualified domain name (FQDN) of the RNA Proxy Connector.
- In the Port No field, enter the listening port of the RNA Proxy Connector. The default port is 5344, although a custom port can be configured if required.
- Click to automatically generate the authentication Username and Password for the RNA Proxy Connector.
- IP Segment / Location: If you wish to route all traffic from local machines to target assets with this RNA Proxy Connector, set it to All Asset. You can select specific locations / IP segments to use a specific RNA Proxy Connector.
- Instances: Select applicable instances for this proxy configuration.
- Availability Check: Enable this option if multiple proxies are configured to access the same target asset environment. This enables internal load balancing and reachability checks before the connection is initiated.
- Set the Status to Active to enable the RNA Proxy Connector for use.
- Save the configuration to apply the changes.
Configure RNA Proxy Connector service parameters
The RNAProxyConfig.ini file contains the configuration parameters for the RNS Proxy Connector. This configuration file is located within the ApplicationData directory under the application's installation path and is utilized by the proxy component during initialization and runtime operations to load server-specific settings, communication parameters and operational configurations.
RNAProxyConfig.ini Configuration Structure
[RNAProxy]
ServerURL=https://localhost:5344
Identifier=
IdentityKey=
TimeoutInSeconds=30
[PAM]
ServerURL=https://localhost
[Log]
TraceLog=False
SSHTunnelLog=False
[DirectProxy]
SSHDProxyPort=0
RDPDProxyPort=0
SFTPDProxyPort=0
MySQLDProxyPort=0
MicrosoftSQLDProxyPort=0
MariaDBDProxyPort=0
[DirectProxy - Defaults]
SSHDProxyPort=22022
RDPDProxyPort=23389
SFTPDProxyPort=21022
MySQLDProxyPort=3306
MicrosoftSQLDProxyPort=1433
MariaDBDProxyPort=3316
| Configuration Header | Parameter | Default Value | Description |
|---|---|---|---|
| [RNAProxy] | ServerURL | https://localhost:5344 | Specifies the URL and port of the RNS Proxy Server to which the RNA Proxy Connector establishes a secure connection. This value must correspond to the configured endpoint of the target RNA Proxy Server. |
| [RNAProxy] | Identifier | <Blank> | Specifies the username generated during RNA Proxy Connector configuration in the Landing & Proxy Server. This identifier is used to uniquely identify and authenticate the connector within the RNA Proxy Server. |
| [RNAProxy] | IdentityKey | <Blank> | Specifies the password generated during RNA Proxy Connector configuration in the Landing & Proxy Server. This credential is used by the connector to authenticate with the RNA Proxy Server and establish a trusted, secure communication channel. |
| [RNAProxy] | TimeoutInSeconds | 30 | Defines the connection timeout interval, in seconds, used by the RNA Proxy Connector when establishing communication with the RNS Proxy Server. If a connection is not established within the specified duration, the connection attempt is terminated and considered unsuccessful. |
| [PAM] | ServerURL | https://localhost | Specifies the URL and port of the PAM Server to which the Direct Proxy establishes a secure connection. The configured value must match the endpoint of the target RNA Proxy Server to ensure successful and secure communication. |
| [Log] | TraceLog | False | Enables or disables detailed trace-level logging. When set to True, the connector generates verbose diagnostic logs to assist with troubleshooting and debugging activities. |
| [Log] | SSHTunnelLog | False | Enables or disables logging of SSH tunnel operations. When set to True, detailed SSH tunnel establishment, maintenance and termination events are recorded for monitoring and troubleshooting purposes. |
| [DirectProxy] | SSHDProxyPort | 0 | Specifies the port used by the Direct Proxy for SSHD Proxy connections. A value of 0 indicates that the SSHD Proxy service is disabled or inactive on the proxy server. The default port defined by the SSHDProxyPort parameter under the [DirectProxy - Defaults] section can be used. |
| [DirectProxy] | RDPDProxyPort | 0 | Specifies the port used by the Direct Proxy for RDPD Proxy connections. A value of 0 indicates that the RDPD Proxy service is disabled or inactive on the proxy server. The default port defined by the RDPDProxyPort parameter under the [DirectProxy - Defaults] section can be used. |
| [DirectProxy] | SFTPDProxyPort | 0 | Specifies the port used by the Direct Proxy for SFTPD Proxy connections. A value of 0 indicates that the SFTPD Proxy service is disabled or inactive on the proxy server. The default port defined by the SFTPDProxyPort parameter under the [DirectProxy - Defaults] section can be used. |
| [DirectProxy] | MySQLDProxyPort | 0 | Specifies the port used by the Direct Proxy for MySQLD Proxy connections. A value of 0 indicates that the MySQLD Proxy service is disabled or inactive on the proxy server. The default port defined by the MySQLDProxyPort parameter under the [DirectProxy - Defaults] section can be used. |
| [DirectProxy] | MicrosoftSQLDProxyPort | 0 | Specifies the port used by the Direct Proxy for MicrosoftSQLD Proxy connections. A value of 0 indicates that the MicrosoftSQLD Proxy service is disabled or inactive on the proxy server. The default port defined by the MicrosoftSQLDProxyPort parameter under the [DirectProxy - Defaults] section can be used. |
| [DirectProxy] | MariaDBDProxyPort | 0 | Specifies the port used by the Direct Proxy for MariaDBD Proxy connections. A value of 0 indicates that the MariaDBD Proxy service is disabled or inactive on the proxy server. The default port defined by the MariaDBDProxyPort parameter under the [DirectProxy - Defaults] section can be used. |
| [DirectProxy - Defaults] | SSHDProxyPort | 22022 | This is a default value provided for reference purposes. Modifying this value does not affect the Direct Proxy configuration or its connectivity behaviour. |
| [DirectProxy - Defaults] | RDPDProxyPort | 23389 | This is a default value provided for reference purposes. Modifying this value does not affect the Direct Proxy configuration or its connectivity behaviour. |
| [DirectProxy - Defaults] | SFTPDProxyPort | 21022 | This is a default value provided for reference purposes. Modifying this value does not affect the Direct Proxy configuration or its connectivity behaviour. |
| [DirectProxy - Defaults] | MySQLDProxyPort | 3306 | This is a default value provided for reference purposes. Modifying this value does not affect the Direct Proxy configuration or its connectivity behaviour. |
| [DirectProxy - Defaults] | MicrosoftSQLDProxyPort | 1433 | This is a default value provided for reference purposes. Modifying this value does not affect the Direct Proxy configuration or its connectivity behaviour. |
| [DirectProxy - Defaults] | MariaDBDProxyPort | 3316 | This is a default value provided for reference purposes. Modifying this value does not affect the Direct Proxy configuration or its connectivity behaviour. |

Any changes made to the RNA Proxy Connector configuration require a restart of the Sectona RNA Proxy Connector Host service. Open Services Manager (services.msc), locate the service and perform a restart to reload the updated configuration.
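The following is an added example, not Sectona code: a check to run over the server and connector RNAProxyConfig.ini files before restarting the services. It reads the sections and keys documented above and reports an all-interfaces bind, blank credentials, enabled verbose logging, a connector ServerURL that is not HTTPS, and a connector port that differs from the server's ServerPort. The file contents, host names and function names are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample files; section and key names are the ones listed on this page.
SERVER_INI = """[Main]
ServerAddress=0.0.0.0
ServerPort=5344
[SSPServer]
NodeURL=https://pam.example.internal
Identifier=
IdentityKey=
[Log]
TraceLog=True
"""
CONNECTOR_INI = """[RNAProxy]
ServerURL=http://rna-server.example.internal:5345
Identifier=constructed-user
IdentityKey=constructed-placeholder
[Log]
TraceLog=False
SSHTunnelLog=False
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as written in the file
    cp.read_string(text)
    return cp

def audit(server_text, connector_text):
    srv, con, out = load(server_text), load(connector_text), []
    if srv.get("Main", "ServerAddress", fallback="") == "0.0.0.0":
        out.append("server: ServerAddress=0.0.0.0 listens on all interfaces")
    for who, cp, sect in (("server", srv, "SSPServer"), ("connector", con, "RNAProxy")):
        for key in ("Identifier", "IdentityKey"):
            if not cp.get(sect, key, fallback="").strip():
                out.append(f"{who}: [{sect}] {key} is blank")
        for key, val in (cp.items("Log") if cp.has_section("Log") else []):
            if val.strip().lower() == "true":
                out.append(f"{who}: [Log] {key} is enabled (verbose logging)")
    target = urlsplit(con.get("RNAProxy", "ServerURL", fallback=""))
    if target.scheme != "https":
        out.append("connector: [RNAProxy] ServerURL is not https")
    if target.port != srv.getint("Main", "ServerPort", fallback=5344):
        out.append("connector: ServerURL port differs from server ServerPort")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SERVER_INI, CONNECTOR_INI)))
```

A ServerURL written without an explicit port is reported as a mismatch, because the implied HTTPS port is not the server's ServerPort.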
Adding Static Routes for RNA Proxy Connector
PAM establishes connections to target assets for various operations, including asset status monitoring, session establishment, account discovery, password changes and reconciliation, JumpShell/JumpServer connectivity and other management activities. For asset-based operations, PAM automatically determines the appropriate RNA Proxy Connector based on the properties configured for the target asset, such as IP Segment, Location, and Instance.
However, certain integrations and services are not directly associated with asset configurations. Examples include Active Directory and Directory Services, SIEM platforms, Service Desk integrations, SatelliteVault and other external systems. In such cases, PAM cannot automatically determine which RNA Proxy Connector should be used to establish the connection.
To support these scenarios, Static Routes must be configured. Static Routes map specific IP addresses, IP ranges or DNS names to a designated RNA Proxy Connector, ensuring that PAM can correctly route communication to the target system through the appropriate connector.
By configuring Static Routes, administrators can ensure reliable connectivity for non-asset-based integrations while maintaining network segmentation and enforcing RNA communication policies.
- Log in to the system and select PAM from the Product Navigator.
- Navigate to Setup → Landing & Proxy Server.
- Click the Action icon of RNA Proxy Connector and select Static Routes.
- In the IP Address / Domain / Config Parameter field, enter the IP address, DNS name or configuration parameter for which the selected RNA Proxy Connector should be used.
- Select the Active option to enable the static route.
- Click Save to apply the configuration.
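As an added planning aid (not part of the product or of the original page), the sketch below reviews a list of intended static routes before they are entered and reports entries that cover the same destination but point to different RNA Proxy Connectors. The page does not say how PAM resolves such overlaps, so the code only lists them for review; the entry formats (single IP, CIDR range, DNS name), the connector names and the function names are assumptions.

```python
import ipaddress

# Constructed planning table: (route entry, connector name). Assumed entry formats:
# a single IP address, a CIDR range, or a DNS name.
PLANNED_ROUTES = [
    ("10.20.0.0/16", "Connector_DC1"),
    ("10.20.5.10", "Connector_DC2"),
    ("ldap.corp.example", "Connector_DC1"),
    ("LDAP.corp.example.", "Connector_DC2"),
    ("192.168.50.0/24", "Connector_DC2"),
    ("10.20.7.0/24", "Connector_DC1"),
]

def parse_entry(entry):
    """Return an ip_network for IPs and ranges, else a normalized DNS name."""
    try:
        return ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return entry.strip().lower().rstrip(".")

def same_destination(a, b):
    """True when two parsed entries can match the same destination."""
    if isinstance(a, str) or isinstance(b, str):
        return a == b
    return a.version == b.version and a.overlaps(b)

def find_conflicts(routes):
    """List entry pairs that cover the same destination via different connectors."""
    parsed = [(parse_entry(e), e, c) for e, c in routes]
    conflicts = []
    for i, (a, entry_a, conn_a) in enumerate(parsed):
        for b, entry_b, conn_b in parsed[i + 1:]:
            if conn_a != conn_b and same_destination(a, b):
                conflicts.append((entry_a, conn_a, entry_b, conn_b))
    return conflicts

if __name__ == "__main__":
    for entry_a, conn_a, entry_b, conn_b in find_conflicts(PLANNED_ROUTES):
        print(f"{entry_a} -> {conn_a} overlaps {entry_b} -> {conn_b}")
```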