Configuring a gateway server
A gateway server monitors web traffic to provide insights into the web applications used and helps enforce data protection policies like blocking unsanctioned applications. Here's how you can configure the gateway server in Log360 Cloud.
Steps to configure Cloud Protection:
- Navigate to the Settings tab of Log360 Cloud.
- Select Cloud Protection Settings from the application drop-down menu at the top.
- Select Gateway Server under the Server section.
- Click + Add Gateway Server located at the top-right corner.
- In the Deployment Type page, you have the option of running the Cloud Protection module in your production environment or as a trial using our setup. Once you've decided which option you'd like to use, click Go.
- In the Server Configuration page:
- Enter a suitable name in the Alias field to identify the gateway server in the dashboard and reports.
- Enter the Computer Name of the machine where you would like to run the gateway server.
- Enter the appropriate Port number.
- Retain the OS as Windows (the default setting).
Note: Windows is currently the only OS that Cloud Protection module supports.
In the SSL Configuration page:
Configure settings in the Proxy Chain page if the existing gateway server needs to connect to another proxy server for connecting to the internet. Enter the details of the proxy servers as applicable.
- Choose the preferred Transport Layer Security (TLS) versions.
Note: You can select either one or more of the TLS versions as needed for your environment. SSL versions preceding TLSV1.0 are not supported.
- Under Deep Packet Inspection, select the suitable Mode from the drop-down menu.
- Enable: Monitors all web traffic content
- Mixed Mode: Inspects only specific cloud applications
- Disable: Does not perform deep packet inspection
Note: All cloud applications that are part of the File Upload Reports are configured in Mixed Mode by default.
Once Deep Packet Inspection is enabled, you will need to create or select an existing certificate authority (CA) certificate.
You can create a new CA certificate either by clicking Create new CA Certificate button or by visiting the Server CA Management page and then following these steps.
||PAC script location
||IP address with port
PAC Script Location: The URL of the Proxy Auto-Configuration (PAC) file that contains scripts on how to handle web traffic requests. Learn more about PAC scripts.
Run through the settings in the Review Summary page, and click Save.
Upon successful configuration you will be directed to the Manage Agent page.
Warning: DPI will always work in DISABLED state for "autoupdate.geo.opera.com" domain due to certificate pinning.