Search the ManageEngine site:  
 

Help Center

Quick Start

File Auditing

File Analysis

Data Risk Assessment

Endpoint DLP

Cloud Protection

General settings

Policy Configuration

Release notes

Troubleshooting

Guides

Third-party software Contact us

Configuring a gateway server

A gateway server monitors web traffic to provide actionable insights into the web applications used and helps enforce data protection policies like blocking unsanctioned applications.

Steps to configure gateway servers:

  • Select Cloud Protection from the application drop-down menu at the top.
  • Navigate to Configuration. Select Gateway Servers under the Server section.
  • Click + Add Gateway Server located at the top-right corner.
  • In the Deployment Type page, you have the option of running the Cloud Protection module in your production environment or as a trial using our setup. Once you've decided which you'd like to use, click Go.
  • In the Server Configuration page:
    • Enter a suitable name in the Alias field to identify the gateway server in the dashboard and reports.
    • Enter the Computer Name of the machine where you would like to run the gateway server.
    • Enter the appropriate Port number.
    • Retain the OS as Windows (the default setting).

      • Note: Windows is currently the only OS that DataSecurity Plus supports.

  • In the SSL Configuration page:
    • Choose the preferred Transport Layer Security (TLS) versions.

      • Note: You can select either one or more of the TLS versions as needed for your environment. SSL versions preceding TLSV1.0 are not supported.

    • Under Deep Packet Inspection, select the suitable Mode from the drop-down menu.
      • Enable: Monitors all web traffic content
      • Mixed Mode: Inspects only specific cloud applications
      • Disable: Does not perform deep packet inspection

      Note: All cloud applications that are part of the File Upload Reports are configured in Mixed Mode by default.

    Once Deep Packet Inspection is enabled, you will need to create or select an existing certificate authority (CA) certificate.

    You can create a new CA certificate either by clicking Create new CA Certificate button or by visiting the Server CA Management page and then following these steps.

  • Configure settings in the Proxy Chain page if the existing gateway server needs to connect to another proxy server for connecting to the internet. Enter the details of the proxy servers as applicable.
    • Proxy setting Required details
    No proxy --
    Auto proxy --
    PAC proxy PAC script location
    IP proxy IP address with port

    PAC Script Location: The URL of the Proxy Auto-Configuration (PAC) file that contains scripts on how to handle web traffic requests.

  • Run through the settings in the Review Summary page, and click Save.

    • Upon successful configuration you will be directed to the Manage Agent page.

Troubleshooting gateway server errors

Errors in gateway server communication or configuration are displayed under Cloud Protection > Configuration > Gateway Servers > Health column. The potential gateway server errors you may encounter are listed below along with the follow-up actions to troubleshoot each error.

Error code Error message Reason for error Follow-up action
600005 Update Gateway Server Outdated gateway server version preventing access to new features; the gateway server performance will remain unaffected. Update the gateway server by following the steps in the Updating Gateway Servers page.
600009 Sync blocked due to Gateway Server version mismatch Gateway server version is outdated, preventing access to new features and configuration sync updates. The gateway server will perform minimal functions only. Update the gateway server by following the steps in the Updating Gateway Servers page.
600006 Failed to communicate with the DataSecurity Plus server The gateway server's attempts to communicate with the DataSecurity Plus server failed. To resolve communication issues, try the following steps:
  • In the machine where the gateway server is installed, access the DataSecurity Plus server via your browser, by entering Protocol://ServerName:DataSecurity Plus server port in the address bar. For example, HTTPS://LocalHost:8800
  • Check the inbound and outbound firewall settings and open the port used by the DataSecurity Plus server.

Refer to the default port configuration details here.
600103 TCP port unavailable The TCP port used by DataSecurity Plus to communicate with the gateway server is blocked or occupied by another process. By default, DataSecurity Plus uses the TCP port 8888.
To resolve issues with this port, try the following steps:
  • Check the if the TCP port is used by another process and resolve it.
  • Check the inbound and outbound firewall settings and open the TCP port if it is blocked.

Refer to the default port configuration details here.
600104 Gateway Server Access Key regenerated Gateway Server Access Key has been regenerated and updated in one or more gateway servers. Update the Gateway Server Access Key by following the steps in the Regenerating Gateway Server Access Key page.
600105 Low disk space The machine running Cloud Protection has less than 2GB of free space. Cloud app auditing will be stopped until the issue is resolved. To resolve the issue, free up disk space or add additional space to the machine running Cloud Protection.

After you have allotted additional disk space, restart the ManageEngine DataSecurity Plus - Cloud Protection Gateway service.
600202 Failed to start proxy unit Proxy unit within the gateway server could not be started. For assistance in resolving the issue, please write to us at support@datasecurityplus.com.
600204 Proxy unit port unavailable The port used by the proxy unit is unavailable. By default, the proxy unit uses port 8200.
To resolve the issue, try the following steps:
  • If port 8200 is busy, assign another available port number.
  • Check the inbound and outbound firewall settings to see if the port is blocked, and unblock it if so.
600209 Configuration files missing or corrupted Gateway server configuration sync during initial installation is unsuccessful. For assistance in resolving the issue, please write to us at support@datasecurityplus.com.
600206 Failed to start proxy unit (-) Proxy Chain source unreachable Proxy chain source settings specified are incorrect. To resolve the issue, check the existing proxy chain configuration and reset it if required. To reset proxy chain configurations:
  • Go to Configuration > Gateway Servers > Configured Gateway Servers.
  • Click the edit icon next to the desired gateway server.
  • Go to the Proxy Chain setting.
  • Edit the Proxy Settings value.
  • Click Next to review the gateway server details.
  • Click Update.
600207 Invalid PAC Script The Proxy Auto-Configuration (PAC) file script has errors. Check the existing PAC script file you've configured and rectify syntax errors, if any.
600208 Unable to download PAC script The PAC script location specified during the initial setup is incorrect. To resolve the issue, ensure that the specified PAC script location is correct and that the script file is accessible.

To reset the PAC script location in the gateway server configuration:
  • Go to Configuration > Gateway Servers > Configured Gateway Servers.
  • Click the edit icon next to the desired gateway server.
  • Go to the Proxy Chain configuration tab.
  • Enter the correct PAC Script Location.
  • Click Next.
  • Click Update.
600301/600309 Configuration sync mismatch Configuration details from DataSecurity Plus Server could not be sent to the gateway server. For assistance in resolving this issue, please write to us at support@datasecurityplus.com.
600302 Sync Error - Failed to sync CA certificate Configuration sync with CA certificates configured was unsuccessful. For assistance in resolving this issue, please write to us at support@datasecurityplus.com.
600303 Sync Error - Failed to sync Trust Store list Configuration sync with Cloud Protection Trust Store was unsuccessful. For assistance in resolving this issue, please write to us at support@datasecurityplus.com.
600304 Sync Error - Failed to sync Sanctioned Applications list Configuration sync with Sanctioned Applications list was unsuccessful. For assistance in resolving this issue, please write to us at support@datasecurityplus.com.
600305 Sync Error - Failed to sync Banned Applications list Configuration sync with Banned Applications list was unsuccessful. For assistance in resolving this issue, please write to us at support@datasecurityplus.com.
600306 Sync Error - Unable to reach Proxy Chain source Configuration sync for updating gateway servers with Proxy Chain source details was unsuccessful. To resolve the issue, examine and rectify errors in the proxy chain source configuration.

To reset the proxy chain source:
  • Go to Configuration > Gateway Servers > Configured Gateway Servers.
  • Click the edit icon next to the desired gateway server.
  • Go to the Proxy Chain configuration tab.
  • Modify the proxy chain source as required.
  • Click Next.
  • Click Update.
600307 Sync Error - Unable to parse PAC script PAC script could not be parsed due to syntax errors. To resolve examine and rectify errors in the PAC script file.
600308 Sync Error - Unable to download PAC script The PAC script download was unsuccessful during the configuration sync or after configuration edits. To resolve the issue, ensure that the specified PAC script location is correct and that the script file is accessible.

To reset the PAC script location in the gateway server configuration:
  • Go to Configuration > Gateway Servers > Configured Gateway Servers.
  • Click the edit icon next to the desired gateway server.
  • Go to the Proxy Chain configuration tab.
  • Enter the correct PAC Script Location.
  • Click Next.
  • Click Update.

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     

  • Request additional resources

    Send us your requirements.

     

© 2024 Zoho Corporation Pvt. Ltd. All rights reserved.