Define a Security Zone
When setting up a new Security Zone, it is a good idea to set up a Gateway Network first if you haven't already. While Security Zones can be defined and used without a connected Gateway, they work best when used in conjunction with other Gateways on a Gateway Network.
There is a special zone called Default. It is always present and can't be modified, and will be used if an incoming connection does not match any of the other defined zones.
- Under the Config tab of the Gateway Webpage go to Security > Security Zones.
- Select the Create new Security Zone link.
- Enter a name and description for the new zone.
- The identifiers are how incoming connections are distinguished between different zones. While there are a few different ways to define the incoming connection, it only needs to match one of them to match this zone. In the Identifiers section, enter an IP Address and a Gateway name.
After first being identified as part of a particular Security Zone, the connection then must check the Qualifiers. With the Qualifiers, the incoming connection needs to fit in with all of the properties before it is fully placed into the Security Zone. In the Qualifiers section, select the Require Secure Connection option. Leave the others at their default.s
- Click Create New Security Zone. The page will refresh and you will see a green banner stating that your new Security Zone was successfully created.
This defines an IP address that the connection is coming from. This can be a list of IP addresses by using commas to separate them. It can also make use of the (*) wildcard like '192.168.100.*', or use a range such as '100.100.1-100.0-255'. With IP addresses, virtually all connections can be listed. Use 127.0.0.1 for the local connection.
|Host Names||The host name refers to the system name of the machine generating the request such as Joe_Workstation. This can be a list of names separated by commas, and it can also use the (*) wildcard like '*_Workstation'.|
A list of Gateway system names that qualify for this zone.
|Require Secure Connection||If this is true, only connections that are made over a secure channel will be accepted.|
|Direct Connection Required|
If this is true, only connections that come from a direct connection will be accepted. The Gateway Network allows you to connect three Gateways in a 1-2-3 configuration, where Gateway 1 can see Gateway 3 through the proxy Gateway 2.
|Allow Client Scope|
If this is false, any client scoped requests will not be accepted.
|Allow Designer Scope||If this is false, any Designer scoped requests will not be accepted.|
|Allow Gateway Scope||If this is false, any Gateway scoped requests will not be accepted.|