Configure the Gateway for Remote Access

If the Appliance Gateway node will be managed remotely by the  - Enterprise Service Manager, select option 5 (Display Remote Management configuration) from the Gateway Main Menu.
gateway10
If the Appliance Gateway node will be managed remotely by the 
Layer7 API Gateway
 - Enterprise Service Manager, select option 
5
 (Display Remote Management configuration) from the Gateway Main Menu.
 (1) Software Gateways cannot be remotely managed. (2) Restart the Gateway for configuration changes to take effect, using option 
R
 from the Gateway main menu.
 
Option
 
 
Description
 
 
1) Listener IP Address
 
Select this option to enter the IP address of the Internal Management LAN. This is the "ssg_eth0" interface shown in the diagrams under Network Deployment Guide.
If the IP of ssg_eth0 is not readily available or if your deployment contains only a single network interface, enter "
*
" (asterisk) or "
localhost
" as the listener IP address.
 
2) Listener Port
 
Select this option to change the listening port from the default "8765".
Ensure that the IP address/port number combination is valid and is not used by another process.
The listen port is stored in the cluster property 
node.processControllerExternalPort
. You can update this listen port in the future by modifying the cluster property.
 
3) Remote Node Management Enabled
 
Select this option to enable or disable remote management for the node:
To enable remote management, enter 
yes
.
To disable remote management, enter 
no
.
By default, remote management is disabled on all nodes.
 
4) New Trusted Certificate
 
 
4) Delete Trusted Certificate
 
Select this option to enable trust between the node and the Enterprise Service Manager that will be remotely controlling it.
Option 4 will read "
New Trusted Certificate
" if trust has not yet been established. Once trust is established, it will read "
Delete Trusted Certificate
".
 
To enter a new trusted certificate:
 
Do one of the following:
    • Enter the URI from which to download the trusted certificate; for example:
 
https://machine.domain.com:8182
 
This downloads the certificate from the Enterprise Service Manager and stores it as a trusted certificate on the Gateway.
 
Tip:
 The ESM port number is defined using option 
7
 (Display Enterprise Service Manager configuration menu).
    • Enter the thumbprint of the SSL certificate from the Enterprise Service Manager. This thumbprint is visible on the [Settings] tab > System Settings page of the ESM.
This thumbprint method offers the flexibility of establishing trust without dealing with firewall issues associated with opening another port.
If you enter a thumbprint, you can only review the thumbprint; the other certificate details are not yet available.
 
2. Examine the certificate details and enter 
y
 to accept it.
A node can be remotely managed by only one Enterprise Service Manager at (ESM) a time. To change the ESM that is managing a node, first delete the trusted certificate and then add a new trusted certificate.
 
 
To delete a trusted certificate:
 
  • Enter 
    y
     to confirm the deletion.
Once the certificate is deleted, you can use option 4 again to enter the trusted certificate from another ESM.