HTTPS
Fields with the asterisk * are mandatory.
PORT *
Enter the port to connect to the server. This is the TCP/IP port the server will listen to in the STENG node.
SERVER KEYLABEL *
Enter the key identifier (label) in the keystore that selects the Private Key and Certificate used to create the SSL connection.
MAX SESSION
Specify the maximum number of active sessions.
CONNECTION TIMEOUT
Define the number of seconds without network activity to wait before closing a session due to inactivity. Default value: 60.
REQUIRE CLIENT AUTHENTICATION
Enable the toggle button if you want the server to require SSL Client Authentication from the connecting client. If enabled, the CLIENT CERTIFICATION MATCH field appears and the appropriate option must be selected in the drop-down menu; see the field below for details.
CLIENT CERTIFICATION MATCH
This field appears if the Require Client Authentication button is enabled. It defines whether the Certificate required for Client Authentication will be matched, and how. Possible values:
- NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the least secure option.
- CNEQUALS (default value): the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.
- CNCONTAINS: the Common Name field of the Certificate must contain the user name.
AUTHENTICATION PROTOCOL
Select the SSL authentication protocol. Possible values:
- ALL
- ONLY SPECIFIC VALUES: SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3, SSLv2Hello
ACCEPTED CIPHER SUITES
Select the cipher suites accepted to establish the SSL connection. For a list of all accepted Cipher Suites, follow this .
NONE (default)
No session proxying through DMZ Gateway appli.
PORT_FORWARDING
Incoming/Outgoing connections to/from STENG server will be proxied inside an SSL tunnel without being validated in advance.
- DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
SESSION_TERMINATION
The server session will be terminated inside the DMZ Gateway, before data is sent to STENG server.
- DMZ PROXY PORT *: This port represents the tunnel that is opened for connection with the STENG Server.
- SERVER PORT *: Enter the DMZ server port to be used for the connection.
- SERVER KEYLABEL: Select the label of the private key to be used by the SFTP server exposed in the DMZ Gateway.
- REQUIRE CLIENT AUTHENTICATION: Enable to use SSL Client authentication in DMZ. The remote X.509 client certificate will be validated by the DMZ HTTP/S server before the connection is routed to STENG server. If enabled, the DMZ CLIENT CERTIFICATION MATCH field appears and the appropriate option must be selected in the drop-down menu; see the field below for details. If the HTTP client on DMZGateway is connecting to an HTTP Server with clientAuthentication=true on the STENG, check the client certificate coming from the HTTP client in the Untrusted Cache. Then trust the client certificate and check the Trust Store.
- DMZ CLIENT CERTIFICATION MATCH: This field appears if the Require Client Authentication button is enabled. It defines whether the Certificate required for Client Authentication will be matched, and how. Possible values:
  - NONE: the Certificate will not be matched. The presence of a valid Certificate is enough to proceed. This is the least secure option.
  - CNEQUALS (default value): the Common Name field of the Certificate must be exactly the same as the user name. This is the most restrictive option.
  - CNCONTAINS: the Common Name field of the Certificate must contain the user name.
- AUTHENTICATION PROTOCOL: Select the SSL authentication protocol. Possible values:
  - ALL
  - ONLY SPECIFIC VALUES: SSLv3, TLSv1, TLSv1_1, TLSv1_2, SSLv2Hello
- ACCEPTED CIPHER SUITES: Lists the SSL/TLS cipher suites available in the FTP/S server and exposed in the DMZ Gateway. Select the cipher suites accepted. For a list of all accepted Cipher Suites, follow this .
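The three match modes described for CLIENT CERTIFICATION MATCH and DMZ CLIENT CERTIFICATION MATCH, modelled as an added Python example (this is not STENG code). The function names, the simplified subject parsing, the case-sensitive comparison and the sample subject are assumptions made for illustration; the certificate is taken to have already passed chain validation.

```python
# Added example: models the documented NONE / CNEQUALS / CNCONTAINS semantics.
# Not the product's implementation; parsing and case sensitivity are assumptions.
import re

def common_names(subject_dn: str) -> list[str]:
    """Return every CN value found in an RFC 4514 style subject string."""
    cns = []
    # Split on commas that are not backslash-escaped (simplified parser).
    for rdn in re.split(r'(?<!\\),', subject_dn):
        key, sep, value = rdn.strip().partition("=")
        if sep and key.strip().upper() == "CN":
            cns.append(re.sub(r'\\(.)', r'\1', value.strip()))  # unescape
    return cns

def cert_matches(mode: str, subject_dn: str, username: str) -> bool:
    """Decide whether an already-validated certificate may log in as username."""
    if mode == "NONE":
        return True  # any valid certificate is accepted for any user name
    cns = common_names(subject_dn)
    if not username or len(cns) != 1:
        return False  # assumption: reject empty user names and ambiguous subjects
    if mode == "CNEQUALS":
        return cns[0] == username
    if mode == "CNCONTAINS":
        return username in cns[0]
    raise ValueError(f"unknown match mode: {mode}")

# Constructed sample: one certificate subject checked against three user names.
SUBJECT = "CN=alice.smith,OU=Partners,O=Example Corp,C=IT"

def matrix() -> dict:
    users = ["alice.smith", "alice", "bob"]
    return {(mode, user): cert_matches(mode, SUBJECT, user)
            for mode in ("NONE", "CNEQUALS", "CNCONTAINS") for user in users}

if __name__ == "__main__":
    for (mode, user), accepted in matrix().items():
        print(f"{mode:<11} user={user:<12} accepted={accepted}")
```

With CNCONTAINS the certificate issued to `alice.smith` is also accepted for the shorter user name `alice`, which is why CNEQUALS is the most restrictive option when each user has a dedicated certificate.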
🚀 To change any DMZ port of an HTTPS server that belongs to a peer, select the server you want to update. Next, click the pencil icon in the top-right corner of the server card. Enter the new port or ports in the appropriate fields. Finally, click the SAVE button to confirm your changes. Remember that the new port number will only affect the peer's selected server.