Security Parameters of the Gateway

Use

The parameters described below are used to configure the gateway to ensure secure connections.

Integration

Refer also to Security Settings in the Gateway.

Prerequisites

Your system must be configured for using the SNC interface.

Features

gw/acl_file

This parameter specifies the name of an access control list (ACL) file. With an ACL you can configure who is permitted to connect to the gateway.

Default Setting

Empty (no ACL file is used)

Dynamic

No

For more information, see: Configuring Network-Based Access Control Lists (ACL)

gw/acl_mode

This parameter defines how the gateway behaves if no ACL file (gw/sec_info or gw/reg_info) exists.

The following values are permitted:

  • 0: There is no restriction on starting external servers or registering servers.

  • 1: External and registered servers are only permitted within the system (application servers of the same system). All other servers are rejected or have to be maintained in the respective files.

Default Setting

1

Dynamic

Yes

gw/logging

With this parameter you can configure gateway logging. You can specify whether the gateway writes its actions to a log file, which types of actions are logged, and how the file is renamed. You have the options to define a maximum size for the file, and to specify whether old files are overwritten.

You must set the parameter as follows:

gw/logging = LOGFILE=<name> ACTION=[TERSMPXVCO] [MAXSIZEKB=n] [SWITCHTF=t] [FILEWRAP=on]

The meaning of the individual elements is as follows:

  • LOGFILE: File name of the log file

  • ACTION: The character sequence (subset from TERSMPXVCO) specifies the actions to log.

  • MAXSIZEKB (optional): Maximum file size. As soon as the file exceeds this size, a new file is opened; the new file name can differ if special characters are used in LOGFILE. This is the case unless a condition specified for SWITCHTF applies first.

  • SWITCHTF (optional): Opens a new file after a specific time period, unless a condition specified for MAXSIZEKB applies first.

    The following values can be specified:

    • year: After one year a new file is opened

    • month: After one month

    • week: After one week

    • day: After one day

    • hour: After one hour

  • FILEWRAP (optional): Reuse the file. This element can only have the value ON. If it is set, no new file is written; instead the file already open is reset and rewritten. The value of LOGFILE is only evaluated the first time the file is opened.
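As an added example (not from the SAP documentation), the following Python function checks a gw/logging value against the element syntax listed above before it is put into a profile; the sample values are constructed.

```python
# Added example (not SAP code): validate a gw/logging value against the
# element syntax described above. Sample values below are constructed.
ACTION_LETTERS = set("TERSMPXVCO")
SWITCHTF_VALUES = {"year", "month", "week", "day", "hour"}


def parse_gw_logging(value: str) -> dict:
    """Split 'LOGFILE=... ACTION=... [MAXSIZEKB=n] [SWITCHTF=t] [FILEWRAP=on]'
    into a dict, raising ValueError on the first element that violates the
    documented syntax."""
    result = {}
    for token in value.split():
        key, sep, val = token.partition("=")
        key = key.upper()
        if not sep or not val:
            raise ValueError(f"element {token!r} is not of the form KEY=value")
        if key in result:
            raise ValueError(f"element {key} given twice")
        if key == "LOGFILE":
            result[key] = val                      # file name, taken as written
        elif key == "ACTION":
            # letters are checked case-insensitively but stored as written
            unknown = set(val.upper()) - ACTION_LETTERS
            if unknown:
                raise ValueError(f"ACTION letters {sorted(unknown)} not in TERSMPXVCO")
            result[key] = val
        elif key == "MAXSIZEKB":
            if not val.isdigit() or int(val) <= 0:
                raise ValueError(f"MAXSIZEKB must be a positive integer, got {val!r}")
            result[key] = int(val)
        elif key == "SWITCHTF":
            if val.lower() not in SWITCHTF_VALUES:
                raise ValueError(f"SWITCHTF must be one of {sorted(SWITCHTF_VALUES)}")
            result[key] = val.lower()
        elif key == "FILEWRAP":
            if val.upper() != "ON":                # ON is the only permitted value
                raise ValueError(f"FILEWRAP can only be ON, got {val!r}")
            result[key] = "ON"
        else:
            raise ValueError(f"unknown element {key}")
    for mandatory in ("LOGFILE", "ACTION"):
        if mandatory not in result:
            raise ValueError(f"{mandatory} is mandatory")
    return result


if __name__ == "__main__":
    # constructed sample value
    print(parse_gw_logging("LOGFILE=gw_log ACTION=SE MAXSIZEKB=1000 SWITCHTF=day"))
```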

gw/monitor

This parameter specifies how the Gateway handles monitor commands.

The following values are possible:

  • 0: No monitor commands are accepted

  • 1: Only commands from the local Gateway monitor are accepted

  • 2: Commands from local Gateway monitors and external Gateway monitors are accepted.

Default Setting

1

Dynamic

Yes

(Though only in the direction of more security, that is, from 1 to 2, and not from 2 to 1)


gw/sec_info

File with the security information.

Any unauthorized starting of external programs can be prevented by maintaining the file secinfo in the data directory of the gateway instance.

Default Setting

<Data Directory>/secinfo

Dynamic

No

(Values cannot be changed dynamically, but you can completely reload the file when the gateway is running)

For more information, see: Making Security Settings for External Programs

gw/reg_info

File with the security information for registered programs.

Unauthorized registration of programs can be prevented by maintaining the file reginfo in the data directory of the gateway instance.

If the file exists, the system searches it for valid registration entries. If there are none, it searches the gw/sec_info file, as before.

Default Setting

<Data Directory>/reginfo

Dynamic

No

(Values cannot be changed dynamically, but you can completely reload the file when the system is running)

For more information, see: Making Security Settings for External Programs

SNC Parameters

There are a number of additional parameters that control the behavior of the Gateway in conjunction with SNC (Secure Network Communication).

Parameter | Meaning | Default Value | Dynamic
--- | --- | --- | ---
snc/enable | Specifies whether the gateway accepts connections that protect the data via SNC. | 0 | No
snc/permit_insecure_comm | Specifies whether the gateway accepts connections without SNC. | 0 | No
snc/permit_insecure_start | Specifies whether the gateway may establish connections with programs that communicate without SNC. | 0 | No
snc/permit_common_name | Specifies whether the gateway can use the default SNC name set by snc/identity/as if no SNC name for the connection can be read from secinfo. | 0 | No
snc/gssapi_lib | Path to the shared library of the security system in use. | "" | No
snc/identity/as | Identity of the gateway application server. | "" | No
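As an added example (not SAP code), the following Python audit reads a profile excerpt and lists the gateway and SNC settings described on this page that widen access beyond the documented defaults. The profile text is constructed, and the assumption that the snc/permit_* switches only matter once snc/enable is set is the author's.

```python
# Added example (not SAP code): audit an instance profile against the gateway
# security parameters described on this page. The profile text is constructed.
SAMPLE_PROFILE = """\
# constructed instance profile excerpt
gw/acl_mode = 0
gw/monitor = 2
snc/enable = 1
snc/permit_insecure_comm = 1
snc/permit_insecure_start = 0
"""

# Default values as listed on this page; they apply when a parameter is not set.
DEFAULTS = {
    "gw/acl_file": "", "gw/acl_mode": "1", "gw/monitor": "1",
    "snc/enable": "0", "snc/permit_insecure_comm": "0",
    "snc/permit_insecure_start": "0", "snc/permit_common_name": "0",
}


def parse_profile(text: str) -> dict:
    """Read 'parameter = value' lines; a line starting with '#' is a comment."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition("=")
        if sep:
            params[key.strip()] = val.strip()
    return params


def audit_gateway(params: dict) -> list:
    """Return the settings that widen access beyond the page's defaults."""
    p = {**DEFAULTS, **params}
    findings = []
    if p["gw/acl_mode"] == "0":
        findings.append("gw/acl_mode=0: no restriction on starting or registering servers if secinfo/reginfo is missing")
    if p["gw/monitor"] == "2":
        findings.append("gw/monitor=2: external gateway monitors are accepted")
    if p["gw/acl_file"] == "":
        findings.append("gw/acl_file empty: no network ACL limits who may connect")
    if p["snc/enable"] == "1":  # assumption: permit_* switches only matter with SNC on
        if p["snc/permit_insecure_comm"] == "1":
            findings.append("snc/permit_insecure_comm=1: connections without SNC are accepted")
        if p["snc/permit_insecure_start"] == "1":
            findings.append("snc/permit_insecure_start=1: programs communicating without SNC may be started")
        if p["snc/permit_common_name"] == "1":
            findings.append("snc/permit_common_name=1: default SNC name used when secinfo has none")
    return findings
```

Running `audit_gateway(parse_profile(SAMPLE_PROFILE))` on the constructed excerpt reports four findings; a profile with only an ACL file set and the page's defaults elsewhere reports none.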