Click Devices > Access Gateways.
Select one of the following options:
| Option | Description |
|---|---|
| New Cluster | To create a new cluster of Access Gateways. A cluster can be one or more Access Gateways. See Creating a New Cluster. |
| Stop | To stop an Access Gateway Appliance, select the appliance, then click Stop. You must have physical access to Access Gateway Appliance machine to start it again. To stop an Access Gateway Service, select the service, then click Stop. You can use the Restart option to start Access Gateway Service. |
| Restart | To reboot an Access Gateway Appliance, select the appliance, then click Restart. Access Gateway Appliance is stopped, the operating system is rebooted, then the appliance is started. To stop and start an Access Gateway Service, select it, then click Restart. If Access Gateway Service is already stopped, use Restart to start it. |
| Refresh | To update the list of Access Gateways and the status columns, click Refresh. |
Select an Access Gateway, and then select one of the following options:
| Option | Description |
|---|---|
| Assign to Cluster | To add the selected Access Gateway to a cluster, select Assign to Cluster, then select the cluster. This Access Gateway is reconfigured with the configuration of the primary cluster server. An Access Gateway Appliance can only be added to a cluster of Access Gateway Appliances. An Access Gateway Service can only be added to a cluster of Access Gateway Services. |
| Remove from Cluster | To remove the selected Access Gateway from a cluster, select Remove from Cluster. Access Gateway retains its configuration from the cluster, but no traffic is sent to it until it is reconfigured. You can assign it to a different cluster and have it updated with this cluster’s configuration, or you can delete all of its reverse proxies and start a new configuration. |
| Delete | To remove a selected Access Gateway from the list of servers that can be managed from this Administration Console, select Delete. If Access Gateway is a member of a cluster, you must first remove it from the cluster before deleting it. IMPORTANT: When an Access Gateway is deleted from Administration Console, you cannot manage it. To access it again, manually trigger an auto-import. |
| Scheduled Restart | To schedule when a selected Access Gateway must be stopped and then started, select Schedule Restart. On an Access Gateway Appliance, a restart stops the operating system, then starts the operating system and Access Gateway. On an Access Gateway Service, a restart stops Access Gateway Service, then starts it. For information about how to schedule this command, see Scheduling a Command. |
| Scheduled Stop | To schedule when a selected Access Gateway or cluster must be stopped, select Schedule Stop. For more information, see Scheduling a Command. |
| Purge List Now | Click this to purge all objects in the current purge list from the cache of the selected server or cluster. |
| Purge All Cache | Click this to purge the server cache for the selected server or cluster. All cached content is cleared. When you change certain configuration such as updating or changing certificates, changing the IP addresses of web servers, or modifying the rewriter configuration, you are prompted to purge the cache. The cached objects must be updated for users to see the effects of configuration changes. If Access Gateways are in a cluster, you need to manage the purge process so your site remains accessible to your users. You must apply configuration changes to one member of a cluster. When its status returns to healthy and current, issue the command to purge its cache. Then apply the changes to the next cluster member. IMPORTANT: Do not issue a purge cache command when an Access Gateway has a pending configuration change. Wait until the configuration change is complete. |
| Update Health from Server | Click this to send a request to the server for updated health information. If you have selected multiple servers, a request is sent to each one. The health status changes to an animated circle until the reply returns. |
| Service Provider | |
Use the following links to manage a cluster or an Access Gateway:
| Option | Description |
|---|---|
| Name | Displays a list of Access Gateways and clusters that you can manage from this Administration Console. |
| Status | Indicates the configuration status of the clusters and Access Gateways. For more information, see Status Options. |
| Health | Indicates whether a cluster or an Access Gateway is functional. Click the icon to view additional information about the operational status of an Access Gateway. |
| Alerts | Indicates whether any alerts have been sent. If the alert count is non-zero, click the count to view more information. |
| Commands | Indicates the status of the last executed command and whether any commands are pending. Click the link to view more information. For more information, see Section 25.2, Viewing the Command Status of Access Gateway. |
| Statistics | Provides a link to the statistic pages. |
| Edit | Provides a link to the configuration page. If the server belongs to a cluster, the Edit link appears on the cluster row. Otherwise, the link is on the server row. See Section 3.2.1, Configuration Overview. |
Click Devices > Access Gateways.
View Status and make changes as necessary.
| Status | Description |
|---|---|
| Current | Indicates that all configuration changes have been applied. |
| Update | Indicates that a configuration change has been made, but not applied. To apply the changes, click Update, and then select one of the following options: |
| Update All | This link is available when a server belongs to a cluster. You can select to update all the servers at the same time, or you can select to update them one at a time. If the modification is a policy or a logging change, then use Update All. If the modification is a configuration change, we recommend that you update the servers one at a time. When you make the following configuration changes, the Update All option is the only option available and your site will be unavailable while the update occurs: For more information, see Applying Changes to Access Gateway Cluster Members. |
| Update | If the configuration update contains a configuration error, the Update link is disabled and the Configuration Error icon is displayed. Click the icon to discover which objects have been misconfigured. You need to fix the error by canceling or modifying the changes before you perform an update. |
| Update All | If the configuration update contains a configuration error, the Update All and the member Update links are disabled and the Configuration Error icon is displayed. Click the icon to discover which objects have been misconfigured. You need to fix the error by canceling or modifying the changes before you perform an update. |
| Pending | Indicates that the server is processing a configuration change, but has not completed the process. |
| Locked | Indicates that another administrator is making configuration changes. Before you proceed with any configuration changes, you need to coordinate with this administrator and wait until Access Gateway has been updated with the other administrator’s changes. |
NOTE: Do not push the configuration from Administration Console to devices during peak system usage times.
Purge List Now / Purge Cache: Causes a process level restart and terminates all the existing connections and downloads. The users do not need to reauthenticate, but issuing a purge list or cache command might result in a higher load on the service provider. If there is a single gateway, issuing a purge list or cache command can cause temporary service disruption for users.
Stop: Stops the proxy component in Access Gateway Appliance, makes it unavailable for user requests and terminates all the existing connections and downloads. The users do not need to reauthenticate, but stopping the proxy component can result in a higher load on the identity provider and other gateway cluster members.
Restart: Triggers a restart of the operating system of Access Gateway Appliance, where all existing connections and downloads are terminated. The users do not need to reauthenticate, but restarting the operating system can result in a higher load on the identity provider and other gateway cluster members.
Service Provider > Restart: Causes the ESP and proxy to clear the user session information and refresh the policy information. Access might be denied to protected resources and resources that need policy evaluation during the restart process.
Service Provider > Stop: Causes the ESP and proxy to clear the user session information. You cannot access the protected resources and resources that need policy evaluation.
Rewriter Profile Change: Changing the rewriter profile causes Administration Console to issue a purge cache command to Access Gateway. Issuing a purge cache command causes a process level restart and terminates all the existing connections and downloads.
Accelerated Web Service Change: Changing the accelerated web server details causes Administration Console to issue a purge cache command to Access Gateway. Issuing a purge cache command causes a process level restart and terminates all the existing connections and downloads.
Service Creation: If your gateway cluster is behind an L4 switch, ensure that you review or modify the L4 configuration to reflect any new service that you can create.
TCP Connect Options: Increasing the Data Read Timeout values or the Idle Timeout values impacts the user experience if the web servers are unreachable. Disabling the persistent connections also impacts the user experience.
Date and Time: Changing the date and time or the NTP server configuration impacts the existing user session timeout values. It is critical to keep the time settings in Access Gateways and Identity Servers synchronized to prevent authentication failures and unexpected session timeouts. There is no impact other than authentication failures and unexpected session timeouts.
Audit Configuration Changes or Audit Server Health: If the audit server is busy or unreachable, it causes a delay in browsing, including Administration Console access. There is no other impact than delay in browsing and accessing Administration Console.
Network Related Changes: Be cautious in making changes to the network parameters like Adapter, IP address, Netmask, Gateways, DNS, Hosts, and Route. The users can be impacted by these changes because the connections are reset; however, user reauthentication might not be required. Incorrect configuration leads to system inaccessibility on the network and you cannot access Access Gateway Service.
You must not change security setting options during the peak system usage hours.
Signing: Before changing it, ensure that Identity Server trust store contains the root CA certificate and possible intermediate CA certificates to complete the trust chain.
Trust Store: Before changing it, ensure that you have all the root CA certificates and possible intermediate CA certificates to complete the trust chain to trust any certificates used by Identity Server.
Cache Options: Be cautious in making changes to the cache options. Changing cache options can impact the performance of your Access Manager system. You might see an increase or decline in Access Gateway performance, depending on the changes made to the cache options.
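
The trust-chain precondition stated under Signing and Trust Store can be checked offline before the change is made. The following is an added example, not part of the product documentation: it builds a constructed root, intermediate and signing certificate with OpenSSL and verifies the signing certificate against PEM bundles that stand in for an exported trust store. All file names and certificate subjects are placeholders.

```shell
#!/bin/sh
# Added example. The PKI below is constructed for the demo; file names and
# subjects are placeholders, not Access Manager paths or certificates.

# make_demo_pki DIR: root CA -> intermediate CA -> leaf (the "new signing
# certificate"), plus three PEM bundles standing in for an exported trust store.
make_demo_pki() {
    p=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > "$p/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$p/ca.cnf" \
        -extensions v3_ca -subj "/CN=Demo Root CA" \
        -keyout "$p/root.key" -out "$p/root.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$p/ca.cnf" \
        -subj "/CN=Demo Intermediate CA" \
        -keyout "$p/int.key" -out "$p/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$p/int.csr" -CA "$p/root.pem" -CAkey "$p/root.key" \
        -set_serial 2 -days 2 -extfile "$p/ca.cnf" -extensions v3_ca \
        -out "$p/int.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$p/ca.cnf" \
        -subj "/CN=Demo Signing Cert" \
        -keyout "$p/leaf.key" -out "$p/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$p/leaf.csr" -CA "$p/int.pem" -CAkey "$p/int.key" \
        -set_serial 3 -days 2 -out "$p/leaf.pem" 2>/dev/null || return 1
    cat "$p/root.pem" "$p/int.pem" > "$p/store_full.pem"
    cp "$p/root.pem" "$p/store_root_only.pem"
    cp "$p/int.pem" "$p/store_int_only.pem"
}

# chain_complete CERT BUNDLE: succeeds only if CERT chains to a self-signed
# root using nothing but the certificates in BUNDLE. -no-CApath keeps the
# system CA directory from masking a certificate missing from the bundle.
chain_complete() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# report LABEL CERT BUNDLE: print the verdict for one candidate trust store.
report() {
    if chain_complete "$2" "$3"; then
        echo "$1: chain complete"
    else
        echo "$1: chain INCOMPLETE, do not change the certificate yet"
    fi
}

d=$(mktemp -d) && make_demo_pki "$d" || exit 1
report "root + intermediate" "$d/leaf.pem" "$d/store_full.pem"
report "root only" "$d/leaf.pem" "$d/store_root_only.pem"
report "intermediate only" "$d/leaf.pem" "$d/store_int_only.pem"
rm -rf "$d"
```

Only the bundle holding both the root and the intermediate verifies. For a real check, pass the new certificate as CERT and a PEM file holding the trust store's certificates as BUNDLE.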
1. Click Devices > Access Gateways.
2. (Conditional) To schedule a shutdown or restart, select a server, then click Actions > Schedule Restart or Schedule Stop. Continue with Step 4.
3. (Conditional) To schedule an upgrade for Access Gateway Appliance, click [Name of Server] > Upgrade > Schedule Upgrade.
4. Specify the following details:

| Field | Description |
|---|---|
| Name Scheduled Command | Specify a name for this command. This name is used in log files. |
| Description | (Optional) Specify a reason for the command. |
| Date & Time | Select the day, month, year, hour, and minute when the command must execute. |

The following fields display information about the command you are scheduling:

Type: Displays the type of command that is being scheduled, such as Access Gateway Shutdown, Access Gateway Restart, or Access Gateway Upgrade.

Server: Displays the name of the server that the command is being scheduled for.

5. Click OK.