Cryptzone Support

If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here




« Go Back

While configuring the SSL client option of an AppGate Security Server is pretty straightforward there are a few steps that should be taken to future proof the design. This guide will show you how to do this.


In it's most simple form the AppGate will have one external network and one internal network. The external network is connected to the AppGate via a network interface that has been assigned an IP number which is reachable from the external (typically the Internet) either directly or through a firewal/NAT device.  Normally ports 80/tcp (http) and 22/tcp (ssh) needs to be reachable.

Two very common enhancements to the configuration may interfere with each other if precautions are not taken:

  • The SSL client is an add-on option to the AppGate Security Server that will enable access to some of the services provided by the AppGate through any https capable web client. The SSL client option will start a listener on port 443/tcp (https) on the AppGate Security Server.
  • Adding an additional listener for ssh on port 443/tcp is a way of circumventing some firewalls. In some public hotspots (ex wireless networks in some hotels) only web traffic (http and https) is allowed. This will prevent proper function of the AppGate system (except for the SSL client). By adding an extra listener on port 443 it is possible to work around this problem except in a some very rare cases where the https stream is actually inspected.

The problem is that they both uses the same port on the AppGate Security Server.

How to configure 

In order to avoid this collision it is best practice to assign a separate interface for the SSL client option, usuall a virtual interface. Creating a virtual interface amounts to configure the real interface to listen to an additional IP number.

  1. Add a virtual interface to the interface connected to the external network. Go to System Settings->Network/Cluster Management_>System:... . Right click on the line of the interface and select "Add a virtual interface".
  2. Enable the new interface, assign a hostname (if your normal interface is called you might call the new one, a new IP number from the external network and uses the drop down menu to connect it to the external network.
  3. Commit
Article Info
3/13/2015 8:43 AM
3/13/2015 8:43 AM



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255