Difference between revisions of "Seon SmartProxy"
(New page: == What is Seon SmartProxy == Seon SmartProxy is a software product which enables you to maintain OFTP2 Proxy activities in a very secure manner. This includes: *Partner verification upon ...) |
|||
Line 4: | Line 4: | ||
*OFTP2 message syntax verification | *OFTP2 message syntax verification | ||
*TLS termination in the DMZ | *TLS termination in the DMZ | ||
+ | *configurable outgoing IP address | ||
*No configuration values needed in DMZ | *No configuration values needed in DMZ | ||
*Secure backend communication via https | *Secure backend communication via https | ||
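Review bot: The added item "configurable outgoing IP address" starts in lower case while the surrounding items in this list are capitalized ("TLS termination in the DMZ", "No configuration values needed in DMZ"); suggest "Configurable outgoing IP address". Because the next item states that no configuration values are needed in the DMZ, it would also help to say where the outgoing address is configured.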
Line 23: | Line 24: | ||
*Seonapi, accessed via https | *Seonapi, accessed via https | ||
− | |||
== Licensing == | == Licensing == | ||
Seon Proxy is licensed via a license file at the Seon Proxy (not client) side: only one license is needed to keep the system up and running. This license is based on an Seon Proxy ID on the proxy server side, which can be easily obtained via a command line parameter: | Seon Proxy is licensed via a license file at the Seon Proxy (not client) side: only one license is needed to keep the system up and running. This license is based on an Seon Proxy ID on the proxy server side, which can be easily obtained via a command line parameter: | ||
Line 34: | Line 34: | ||
but an alternative location can be given with the commandline option "-l": | but an alternative location can be given with the commandline option "-l": | ||
dmz:~ # /opt/seon/seon_proxy -l /usr/licenses/seon_proxy.lic | dmz:~ # /opt/seon/seon_proxy -l /usr/licenses/seon_proxy.lic | ||
+ | |||
+ | == Seon SmartProxy server == | ||
+ | The Seon SmartProxy server is the part which connects to the outside world and which must be reachable via a defined port on the internet. The port on which the server listens to is configured in the Seon administrative panel, "Configuration" -> "TCP/IP" -> "[[Seon_Core_configuration#TCP.2FIP_port_of_OFTP_server_.28TLS.29|TCP/IP port of OFTP server (TLS)]]". |
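Review bot: In the added server section, "The port on which the server listens to" carries a stray "to"; suggest "The port on which the server listens is configured in ...". The section says the port must be reachable from the internet and that it is set in the Seon administrative panel, but not how that value reaches the proxy server; a sentence on this would tie it to the feature list's "No configuration values needed in DMZ".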
Revision as of 14:59, 15 November 2011
What is Seon SmartProxy
Seon SmartProxy is a software product which enables you to maintain OFTP2 Proxy activities in a very secure manner. This includes:
- Partner verification upon session initialization before OFTP2 takes place
- OFTP2 message syntax verification
- TLS termination in the DMZ
- Configurable outgoing IP address
- No configuration values needed in DMZ
- Secure backend communication via https
- Support for both incoming and outgoing connections
- Manageable logging activities supporting intrusion detection systems
- Extended logging of all activities
Differences against Seon Proxy
Seon Proxy forwards any TCP/IP packet from any source port to any destination via a combination of Seon proxyserver and proxyclient. The protocol used on top of this connection is not under the control of Seon Proxy.
Seon SmartProxy terminates the TLS encryption of OFTP2 sessions at its endpoint (the proxy server), verifies all traffic and forwards it securely to the inside proxy client, from where it is transported to the Seon receive daemon. This enables the Seon SmartProxy to analyze the complete traffic in the communication stream, so invalid packets lead to session termination.
The Seon SmartProxy is designed so that the proxy server and proxy client hold as little information as is needed for operation. Everything needed for operation is communicated to a secure backend via https.
Involved programs
The components used to implement a Seon SmartProxy are:
- Seon SmartProxy server
- Seon SmartProxy client
- Seonapi, accessed via https
Licensing
Seon Proxy is licensed via a license file on the Seon Proxy (not client) side: only one license is needed to keep the system up and running. This license is based on a Seon Proxy ID on the proxy server side, which can be easily obtained via a command line parameter:
dmz:~ # /opt/seon/seon_proxyserver2 -L
Seon Proxy ID: c6bc8d9b37c5e36333a41acdda653aaef7fd4a00459eeb32a8a41059e23017c8px
This Seon Proxy ID is needed for license generation, which can be done for test purposes on the product website at http://www.seon.de/key.
By default, the valid license is searched for at
/etc/seon_proxy.lic
but an alternative location can be given with the command line option "-l":
dmz:~ # /opt/seon/seon_proxy -l /usr/licenses/seon_proxy.lic
Seon SmartProxy server
The Seon SmartProxy server is the part which connects to the outside world and which must be reachable via a defined port on the internet. The port on which the server listens is configured in the Seon administrative panel, "Configuration" -> "TCP/IP" -> "TCP/IP port of OFTP server (TLS)".