Secure Gateway Server

How Secure Gateway works?

Secure Gateway Server is a component that will be exposed to the internet. The Secure Gateway Server acts as an intermediate server between the managed roaming agents and the central server. All communications from the roaming agents will be navigated through the Secure Gateway. When the agent tries to contact the central server, Secure Gateway server receives all the communications and redirects to the central server.

Note: Map your Secure Gateway's public IP address and product server's private IP address to a common FQDN in your respective DNS. For example, if your FQDN is "product.server.com", map this to both your Secure Gateway and central server IP address. By this mapping, the WAN agents of roaming users will access the central server via Secure Gateway (using internet) and the agents within the LAN network will directly reach central server, hence leading to quicker resolution.

Software requirements for Secure Gateway Server

You can install Secure Gateway Server on any of these Windows operating system versions:

• Windows 10
• Windows 11
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022

Hardware requirements for Secure Gateway Server

The hardware requirements for Secure Gateway Server include the following :

To introduce Secure Gateway based communication to Endpoint Central, follow the steps given below:

• Steps to Modify Endpoint Central Settings
• Steps to Install and configure Secure Gateway
• Infrastructure recommendations

Steps to Modify Endpoint Central Settings

1. Enter Secure Gateway IP address instead of Central server IP address under Endpoint Central server details while adding remote office. This is to ensure the WAN agents and Distribution Server communicate through the Secure Gateway.
2. Enable secured communication(HTTPS) under DS/WAN agent to Central server communication.
3. Configure NAT settings using the Secure Gateway's public FQDN/IP address.  
   • On the product console, click on Admin tab > Server Settings >NAT Settings        
   • Choose to Manage Devices Via the Internet
   • Add the FQDN of the Secure Gateway Server against the Public FQDN under NAT settings as shown below

Steps to Install and configure Secure Gateway

1. Download and install Secure Gateway on a machine in Demilitarized zone.
2. Enter the following details under Setting up the Secure Gateway window, which will open after the installation process.

• Endpoint Central Server Name: Specify the FQDN/DNS/IP address of the Endpoint Central server. Or specify virtual IP address if Failover server is used.
• Endpoint Central Https Port: Specify the port number that the mobile devices use to contact the Endpoint Central server (eg: 8383). It is recommended to use the same port 8383(HTTPS) for Central Server in secured mode.
• Endpoint Central Notification Server port: 8027 (to perform on-demand operations), this will be pre-filled automatically
• Web Socket Port : 8443(HTTPS), this will be pre-filled automatically.
• Username & Password: Enter Endpoint Central user's credentials with administrative privilege.

Infrastructure recommendations

Ensure that you follow the steps given below:

1. Secure Gateway's public IP address with the port 8383(https) should be provided to the Central server for accessibility verification.
2. Using a public IP address is recommended for configuring non-AD machines.
3. Configure Secure Gateway in such a way, that it should be reachable via public IP/FQDN address configured in NAT settings. You can also configure the Edge Device/Router in such a way that all the request that are sent to the Public IP/FQDN address gets redirected to the Endpoint Central Secure Gateway.
4. It is mandatory to use HTTPS communication