Two main types of firewalls exist: packet filtering firewalls and proxy servers. If a proxy server must be negotiated for a direct internet connection, the Cleo Harmony, Cleo VLTrader, and Cleo LexiCom applications support FTP, HTTP, and SMTP application-level proxies.
If you are unsure if you need to configure an HTTP proxy, check your browser to see if it is configured to use a proxy. See your browser's documentation for more information.
If you are still unsure of whether a proxy needs to be configured, contact your local network administrator.
An FTP proxy can only be used by FTP hosts and an SMTP proxy can only be used by SMTP hosts, while an HTTP proxy can be used by most of the host types. If all or most of your remote FTP hosts will be accessed thru the same proxy, consider specifying a Default FTP Forward Proxy. Likewise for FTP/s, HTTP, HTTP/s, and SMTP hosts. If necessary, the default forward proxy can be overridden within a specific host.
- In the web UI, go to Administration > Network > Proxies. In the native UI, select Configure > Proxies in the menu bar.
- Configure a new HTTP(/s) proxy that uses the Cleo VLProxy application.
- Click New VLProxy.
A Cleo VLProxy configuration dialog box appears.
- Provide the information to configure the Cleo VLProxy instance and then click OK.
See Cleo VLProxy configuration reference for more information.
- Click New VLProxy.
- Configure an FTP proxy.
- Click New FTP Proxy.
The FTP Application-Level Proxy dialog box appears.
- Provide the information to configure the new FTP proxy instance and then click OK.
See FTP proxy configuration reference for more information.
- Click New FTP Proxy.
- Configure an HTTP(/s) proxy that does not use Cleo VLProxy
- Click New HTTP Proxy.
The HTTP Application-Level Proxy dialog box appears.
- Provide the information to configure the new HTTP proxy instance and then click OK.
See HTTP proxy configuration reference for more information.
- Click New HTTP Proxy.
- Configure an SMTP proxy.
- Click New SMTP Proxy.
The SMTP Application-Level Proxy dialog box appears.
- Provide the information to configure the new SMTP proxy instance and then click OK.
See SMTP proxy configuration reference for more information.
- Click New SMTP Proxy.
- Configure a SOCKS proxy.
You can use a SOCKS proxy as a forward proxy for all remote hosts except fasp, MLLP, MQ Series, and SMTP.
- Click New SOCKS Proxy.
The SOCKS Application-Level Proxy dialog box appears.
- Provide the information to configure the new SOCKS proxy instance and then click OK.
See SOCKS proxy configuration reference for more information.
- Click New SOCKS Proxy.
- Optional - Specify default forward proxies.
A default proxy is useful when all or most of your remote hosts for a given protocol use the same proxy. You can select a default proxy for FTP, FTP/s, HTTP, HTTP/s, and SMTP.Select a forward proxy from the menu appropriate for the protocol. Each menu is populated proxies you have already configured.
- Optional - Select an SMTP mail server from the SMTP Mail Server.
The SMTP Mail Server menu is populated with SMTP proxies you have already configured.
If the mail server requires SMTP authentication, select either plain or login authentication for the SMTP proxy to enable the username and password fields. See SMTP proxy configuration reference. If you are not sure of these values, contact your network administrator.
Note: The selected proxy authentication setting is ignored during authentication with the mail server. Instead, the authentication mechanism used is the first available authentication mechanism in the mail server.If you select None in the SMTP Mail Server field, the Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application will attempt to derive the SMTP mail server based on the destination email address.
Click Test to verify that the Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application is able to successfully send email alerts whether the SMTP Mail Server has been defined or not.
- Once configured, select the SMTP mail server from the list of available SMTP proxies:
An FTP proxy can only be used by FTP hosts and an SMTP proxy can only be used by SMTP hosts, while an HTTP proxy can be used by most of the host types. If all or most of your remote FTP hosts will be accessed thru the same proxy, then set the Default FTP Forward Proxy. Likewise for FTP/s, HTTP, HTTP/s, and SMTP hosts. If necessary, the default forward proxy can be overridden within a specific host.
Cleo VLProxy configuration reference
Provide values for these field to configure a Cleo VLProxy instance.
- Proxy Server Address
- Port #
- Server address and port number to use for the Cleo VLProxy. These are required fields.
- Forward proxy group
- One or more instances of Cleo VLProxy grouped together for different purposes, for example, internal vs. external communications.
- To create a new group, type the name of the group in the text box.
- To select an existing group, pull down the menu and select a group.
- Forward proxy backup only
- Select this check box to specify this proxy as a backup for other proxies in the same group. The Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application will attempt to use an available backup Cleo VLProxy instance only if it is unable to use the primary forward Cleo VLProxy instance.
- You cannot select the same proxy to be a backup and the default forward proxy at either the system or host level.
- Forward proxy load balance
- Select this check box to balance forward proxy requests across all the available instances of Cleo VLProxy based on the current number of connections to each. Any backup instances configured are included in the load balancing when the primary Cleo VLProxy in not available.
- This field is only available when there are multiple instances of Cleo VLProxy configured in the same group.
- Enable reverse proxying
- Select this check box to use the reverse proxy feature of the Cleo VLProxy application for incoming HTTP messages. If you enable reverse proxying, the reverse proxy is used for all asynchronous MDNs for all AS2 hosts.
- If you select the Enable reverse proxying check box, the Reverse forward connections check box is enabled.
- Reverse forward connections
- Select this check box to indicate that all incoming reverse requests from the Cleo VLProxy application should use connections that originate from the Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application forward to the Cleo VLProxy application. In other words, with this setting on, no inbound HTTP or HTTP/s port need be open through the firewall for incoming Cleo VLProxy requests. In fact, the HTTP and HTTP/s ports in the Local Listener can be disabled unless there is also local traffic coming directly to the Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application.
- The product establishes an available reverse connection pool with the Cleo VLProxy application, the size of which is based on the Local Listener Incoming Connection Backlog Size advanced property (see Specifying Local Listener advanced properties). When an incoming request uses one of the available connections, the pool is immediately replenished. If the request to the Cleo VLProxy application is over a secure port, the connection to the Cleo Harmony, Cleo VLTrader, or Cleo LexiComapplication is converted to a secure port just prior to the incoming request starting. (Note: If not using Reverse forward connections and the request to the Cleo VLProxyapplication is over a secure port, the request from the Cleo VLProxy application into the Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application uses a secure port if the Local Listener HTTP/s port is enabled.) While maintaining the available connection pool does add extra overhead, connections are established ahead of time; therefore, throughput with Reverse forward connections on or off should be comparable.
- Selecting the Reverse forward connections check box also enables the Proxy Connection(s) portion of the dialog box.
-
- Proxy Certificate(s)
-
- SSL Certificate
-
- Use Local Listener SSL Server Certificate(s)
-
Select this option to use the SSL certificate(s) configured in the Local Listener for both connections coming in through the Cleo VLProxy application and connections coming directly into the Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application.
- Select Proxy SSL Certificate
- Password
- Select this option to specify an SSL certificate and password to use for connections coming in through the Cleo VLProxy application. The SSL certificates configured in the Local Listener are used for connections coming directly into the Cleo Harmony, Cleo VLTrader, or Cleo LexiCom application. You can use different SSL certificates for each instance of the Cleo VLProxy application.
- You can click Browse to navigate to and select a certificate.
- SSH Certificate
-
- Use Local Listener SSH Server Certificate
- Select this option to use the SSH certificate configured in the Local Listener for both connections coming in through Cleo VLProxy and connections coming directly into Cleo Harmony, Cleo VLTrader, or Cleo LexiCom.
- Select Proxy SSH Certificate
- Password
- Select this option to specify an SSH certificate and password to use for connections coming in through Cleo VLProxy. The SSL certificates configured in the Local Listener are used for connections coming directly into Cleo Harmony, Cleo VLTrader, or Cleo LexiCom.
- You can click Browse to navigate to and select a certificate.
- Use Proxy SSL Certificate
- Select this check box to use the proxy SSL certificate specified in Cleo VLProxy for both SSL and SSH connectionsYou can use different SSH certificates for each Cleo VLProxy.
Comments
0 comments
Please sign in to leave a comment.