Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload & Download Reports
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Policy Configuration
Release notes
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Known issues and limitations
- Known errors and solutions
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
Configuring a gateway server
A gateway server monitors web traffic to provide actionable insights into the web applications used and helps enforce data protection policies like blocking unsanctioned applications.
Steps to configure gateway servers:
- Select Cloud Protection from the application drop-down menu at the top.
- Navigate to Configuration. Select Gateway Servers under the Server section.
- Click + Add Gateway Server located at the top-right corner.
- In the Deployment Type page, you have the option of running the Cloud Protection module in your production environment or as a trial using our setup. Once you've decided which you'd like to use, click Go.
- In the Server Configuration page:
- Enter a suitable name in the Alias field to identify the gateway server in the dashboard and reports.
- Enter the Computer Name of the machine where you would like to run the gateway server.
- Enter the appropriate Port number.
- Retain the OS as Windows (the default setting).
- In the SSL Configuration page:
- Choose the preferred Transport Layer Security (TLS) versions.
- Under Deep Packet Inspection, select the suitable Mode from the drop-down menu.
- Enable: Monitors all web traffic content
- Mixed Mode: Inspects only specific cloud applications
- Disable: Does not perform deep packet inspection
- Configure settings in the Proxy Chain page if the existing gateway server needs to connect to another proxy server for connecting to the internet. Enter the details of the proxy servers as applicable.
- Run through the settings in the Review Summary page, and click Save.
Note: Windows is currently the only OS that DataSecurity Plus supports.
Note: You can select either one or more of the TLS versions as needed for your environment. SSL versions preceding TLSV1.0 are not supported.
Note: All cloud applications that are part of the File Upload Reports are configured in Mixed Mode by default.
Once Deep Packet Inspection is enabled, you will need to create or select an existing certificate authority (CA) certificate.
You can create a new CA certificate either by clicking Create new CA Certificate button or by visiting the Server CA Management page and then following these steps.
Proxy setting | Required details |
No proxy | -- |
Auto proxy | -- |
PAC proxy | PAC script location |
IP proxy | IP address with port |
PAC Script Location: The URL of the Proxy Auto-Configuration (PAC) file that contains scripts on how to handle web traffic requests.
Upon successful configuration you will be directed to the Manage Agent page.
Troubleshooting gateway server errors
Errors in gateway server communication or configuration are displayed under Cloud Protection > Configuration > Gateway Servers > Health column. The potential gateway server errors you may encounter are listed below along with the follow-up actions to troubleshoot each error.
Error code | Error message | Reason for error | Follow-up action |
600005 | Update Gateway Server | Outdated gateway server version preventing access to new features; the gateway server performance will remain unaffected. | Update the gateway server by following the steps in the Updating Gateway Servers page. |
600009 | Sync blocked due to Gateway Server version mismatch | Gateway server version is outdated, preventing access to new features and configuration sync updates. The gateway server will perform minimal functions only. | Update the gateway server by following the steps in the Updating Gateway Servers page. |
600006 | Failed to communicate with the DataSecurity Plus server | The gateway server's attempts to communicate with the DataSecurity Plus server failed. | To resolve communication issues, try the following steps:
Refer to the default port configuration details here. |
600103 | TCP port unavailable | The TCP port used by DataSecurity Plus to communicate with the gateway server is blocked or occupied by another process. | By default, DataSecurity Plus uses the TCP port 8888. To resolve issues with this port, try the following steps:
Refer to the default port configuration details here. |
600104 | Gateway Server Access Key regenerated | Gateway Server Access Key has been regenerated and updated in one or more gateway servers. | Update the Gateway Server Access Key by following the steps in the Regenerating Gateway Server Access Key page. |
600105 | Low disk space | The machine running Cloud Protection has less than 2GB of free space. Cloud app auditing will be stopped until the issue is resolved. | To resolve the issue, free up disk space or add additional space to the machine running Cloud Protection.
After you have allotted additional disk space, restart the ManageEngine DataSecurity Plus - Cloud Protection Gateway service. |
600202 | Failed to start proxy unit | Proxy unit within the gateway server could not be started. | For assistance in resolving the issue, please write to us at support@datasecurityplus.com. |
600204 | Proxy unit port unavailable | The port used by the proxy unit is unavailable. | By default, the proxy unit uses port 8200. To resolve the issue, try the following steps:
|
600209 | Configuration files missing or corrupted | Gateway server configuration sync during initial installation is unsuccessful. | For assistance in resolving the issue, please write to us at support@datasecurityplus.com. |
600206 | Failed to start proxy unit (-) Proxy Chain source unreachable | Proxy chain source settings specified are incorrect. | To resolve the issue, check the existing proxy chain configuration and reset it if required. To reset proxy chain configurations:
|
600207 | Invalid PAC Script | The Proxy Auto-Configuration (PAC) file script has errors. | Check the existing PAC script file you've configured and rectify syntax errors, if any. |
600208 | Unable to download PAC script | The PAC script location specified during the initial setup is incorrect. | To resolve the issue, ensure that the specified PAC script location is correct and that the script file is accessible. To reset the PAC script location in the gateway server configuration:
|
600301/600309 | Configuration sync mismatch | Configuration details from DataSecurity Plus Server could not be sent to the gateway server. | For assistance in resolving this issue, please write to us at support@datasecurityplus.com. |
600302 | Sync Error - Failed to sync CA certificate | Configuration sync with CA certificates configured was unsuccessful. | For assistance in resolving this issue, please write to us at support@datasecurityplus.com. |
600303 | Sync Error - Failed to sync Trust Store list | Configuration sync with Cloud Protection Trust Store was unsuccessful. | For assistance in resolving this issue, please write to us at support@datasecurityplus.com. |
600304 | Sync Error - Failed to sync Sanctioned Applications list | Configuration sync with Sanctioned Applications list was unsuccessful. | For assistance in resolving this issue, please write to us at support@datasecurityplus.com. |
600305 | Sync Error - Failed to sync Banned Applications list | Configuration sync with Banned Applications list was unsuccessful. | For assistance in resolving this issue, please write to us at support@datasecurityplus.com. |
600306 | Sync Error - Unable to reach Proxy Chain source | Configuration sync for updating gateway servers with Proxy Chain source details was unsuccessful. | To resolve the issue, examine and rectify errors in the proxy chain source configuration. To reset the proxy chain source:
|
600307 | Sync Error - Unable to parse PAC script | PAC script could not be parsed due to syntax errors. | To resolve examine and rectify errors in the PAC script file. |
600308 | Sync Error - Unable to download PAC script | The PAC script download was unsuccessful during the configuration sync or after configuration edits. | To resolve the issue, ensure that the specified PAC script location is correct and that the script file is accessible. To reset the PAC script location in the gateway server configuration:
|