
System

To view and edit System settings, you must be a member of a group with the System setup role enabled.


LDAP Servers Tab

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.
  2. Go to System > LDAP Servers.

ReflectionGateway is the default user list. Use the Users tab to add or delete users in this list. Data for these users is stored in the Reflection Gateway database. You cannot remove this list.

You can also provision users by adding one or more LDAP servers to Gateway Administrator. Authentication and group membership are managed on the LDAP server. Each time the user logs in, current information is retrieved from the LDAP server.

Use the selection box to edit or delete an added server. (The selection box has no effect on user access.)

Windows Active Directory is the only LDAP directory type supported in version 1.1.

New/Edit LDAP Servers Tab

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > LDAP Servers.

Use this page to configure connections to an LDAP server.

  • You must click Save to save these settings. The Test Connection button verifies the connection, but does not save your settings.

  • Red asterisks mark required fields.

Type: Active Directory.

This is not configurable; Windows Active Directory is the only LDAP directory type that is currently supported.

Domain name: The domain name for this LDAP server.

Server: LDAP Server address.

This can be a specific server name (myserver.mydomain.com), an IP address (10.10.123.123), or the domain address (mydomain.com).

Port: Port used by the LDAP server.

3268 is the default, and is the standard Active Directory global catalog port for non-secure connections (LDAP).

3269 is the default Active Directory global catalog port for secure connections (LDAPS).

Use of the default global catalog ports is recommended for better performance. For connections that do not use the global catalog, 389 is standard for non-secure connections and 636 is standard for secure connections.

Advanced domain settings: Clicking Advanced domain settings expands the display to show the following options. Use these settings to customize how Reflection Gateway manages user authentication to this LDAP server. For additional information, see LDAP Server Advanced Domain Settings.

Advanced domain settings apply to password authentication only; X.509 certificate authentication always requires user mapping that specifies both a domain and username.

Domain mappings

If you have multiple LDAP servers configured, you can use this option to map the value in Domain name to these servers. This can improve performance, because Reflection Gateway authenticates first against the servers you specify here.

Remove user domain

When set to Yes, any domain name the user enters at login is removed before Reflection Gateway authenticates the user to this LDAP server. For example, if a user enters acme\joe, the domain name acme is removed. If no Default user domain is specified, only the user ID joe is sent to the server for authentication.

Default user domain

Specifies a default domain name to include when Reflection Gateway authenticates users to this LDAP server. For example, if you specify domain1 and a user logs in as user_name, the user is authenticated as domain1\user_name. This can be used in combination with Remove user domain to replace any domain name that the user includes with the value you specify here.

UserID: Name of a user who has read access to this LDAP directory.

NOTE: You must include the user's domain. For example:

mydomain\user

user@mydomain

user@mydomain.com

Password: The LDAP user's password.

Base DN: The base DN under which users are located.

For example:

OU=Users,DC=mydomain,DC=com

LDAP Filter: (Optional) Limits the list of users added to Gateway Administrator to those included in the specified filter. If no filter is specified, all users in the specified Base DN are added.

Use standard LDAP filter syntax. This example retrieves users in the group myGroup:

(|(&(objectCategory=user)(memberOf=CN=myGroup,OU=Users,DC=mydomain,DC=com))(&(objectCategory=group)(CN=myGroup)))

Secure Connection: Select this option to connect to the server using LDAP over SSL (LDAPS).

To make a successful secure connection, you must enable Secure Connection, provide the correct Port for LDAPS connections to this server (the port changes to 3269 by default), and use Add Certificate to browse to the certificate for this server. After you retrieve a certificate, information about that certificate will be displayed on the page.
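
The LDAP Filter example above can be checked against sample directory objects before it is saved. The following Python sketch is an added example, not part of the product documentation or of Reflection Gateway: it parses that filter with a small evaluator limited to &, |, ! and equality tests, and lists which entries it selects. The entry names and attribute values are constructed and simplified; Active Directory applies matching rules that this sketch does not model.

```python
# Added example: minimal LDAP filter evaluator (AND, OR, NOT, equality only).
# Entries are constructed and simplified; this is not Reflection Gateway code.
GROUP_DN = "CN=myGroup,OU=Users,DC=mydomain,DC=com"
PAGE_FILTER = ("(|(&(objectCategory=user)(memberOf=" + GROUP_DN + "))"
               "(&(objectCategory=group)(CN=myGroup)))")
ENTRIES = {  # attribute names in lower case, values as lists
    "joe": {"objectcategory": ["user"], "memberof": [GROUP_DN]},
    "ann": {"objectcategory": ["user"], "memberof": ["CN=other,OU=Users,DC=mydomain,DC=com"]},
    "svc": {"objectcategory": ["user"]},
    "myGroup": {"objectcategory": ["group"], "cn": ["myGroup"]},
    "other": {"objectcategory": ["group"], "cn": ["other"]},
}


def parse(text, pos=0):
    """Parse one parenthesised filter at pos; return (node, next_pos)."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        op, pos, children = text[pos], pos + 1, []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse(text, pos)
            children.append(child)
        if pos >= len(text) or text[pos] != ")" or not children:
            raise ValueError(f"malformed '{op}' group near offset {pos}")
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one filter")
        return (op, children), pos + 1
    end = text.find(")", pos)
    attr, sep, value = text[pos:end].partition("=")
    if end == -1 or not sep or not attr:
        raise ValueError(f"malformed comparison near offset {pos}")
    return ("=", attr.lower(), value.lower()), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute -> values)."""
    if node[0] == "=":
        _, attr, value = node
        return value in (v.lower() for v in entry.get(attr, []))
    results = [matches(child, entry) for child in node[1]]
    if node[0] == "&":
        return all(results)
    if node[0] == "|":
        return any(results)
    return not results[0]


def select(filter_text, entries):
    """Names of the entries that the filter would add to the user list."""
    tree, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [name for name, attrs in entries.items() if matches(tree, attrs)]


if __name__ == "__main__":
    print(select(PAGE_FILTER, ENTRIES))
```

With the constructed entries, the filter selects the user that lists myGroup in memberOf and the myGroup object itself; users outside the group and other groups are left out.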



Email Server Tab

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > Email Server.

Email server configuration is required to support outgoing email messages sent from Reflection Gateway.

Test Connection: Tests whether the specified SMTP server can be reached at the specified port.

This test does not confirm that outgoing messages will be successful. After your email server configuration is complete, you can use the Preview feature on the Email Templates page to test an outgoing email.

This tests the current on-screen settings. These settings are not saved until you click Save.

Save: Saves the current settings. This button is not enabled until you have entered all required information.

Certificate information is saved automatically, but other edits are not saved until you click Save.

Moving to a new page without clicking Save cancels your edits.

Email Service: Select Enabled to enable emails from Gateway Administrator.

SMTP server: The name or IP address of the outgoing email server.

This field and the other items on this page cannot be edited if Email service is Disabled.

Port: The listening port on the SMTP server.

This setting changes automatically when you change the Secure connection setting to match the standard port for each option. If your server uses a non-default port, change the port value after selecting your secure connection type.

UserID, Password: Some SMTP servers require user credentials to support sending outgoing messages. Use these fields to enter valid user credentials.

Sender address: Sets the global default for the sender address that appears in emails sent from Reflection Gateway. This value replaces the $GLOBAL_SENDER_ADDRESS$ token.

Depending on your email server configuration, you might need to use a valid email account, or you might be able to specify an arbitrary address such as noreply@gateway.com.

Sender name: Sets the global default for the user name that appears in emails sent from Reflection Gateway. This value replaces the $GLOBAL_SENDER_NAME$ token.

Some email servers might ignore this and use the actual name associated with the specified sender address.



Email Templates Tab

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > Email Templates.

Use this tab to customize the email notifications sent from Reflection Gateway.

Template list: Use this drop-down list to select the template you want to edit. See Transfer Site Email Notifications for a description of when each template is used.

User Type: Select Reflection Gateway user to customize templates that are sent to users added to the ReflectionGateway LDAP server. Select LDAP server to edit templates sent to users in an added LDAP server.

The default templates are the same for both groups, with the exception of the Password Request template.

NOTE: Account Creation and Password Reset are not available for LDAP users.

Import: Opens a browse dialog box that you can use to import content from a file created with a text or HTML editor.

Restore Default: Restores the default content for the selected template.

Sender address: Emails that use the selected template will show that they are from this email address. You can use the default token or delete the token and enter an email address here. Some email servers require that this be a valid user.

The GLOBAL_SENDER_ADDRESS token enters the Sender address value specified in the Email Server tab.

Sender name: Emails that use the selected template will show that they are from this user.

The GLOBAL_SENDER_NAME token enters the Sender name value specified in the Email Server tab.

Subject: The subject line that will appear in the email.

Insert Token: Use this list to insert a token in the current cursor position in the message body. Tokens must be preceded and followed by a dollar sign ($). The dollar signs are added automatically when you use Insert token. You can also type token values manually.

The list shows the tokens that are supported for the currently selected template.

Tokens for which no value is available are omitted from email messages.

Body of message: The body can be provided in text or HTML format.

You can edit this area directly, or use Import to import content from a file created with a text or HTML editor.

Preview: Click the Preview heading or the arrow to expand the preview area.

Tokens in the preview are replaced by sample content enclosed in square brackets. For example: [myTransferSite]. In actual generated email, the brackets do not appear and the sample content is replaced by actual content.

To send a test email, enter an email address in the To field and click Send Test Email. This test can help you determine if your email server is correctly configured and supports your current values for Sender address and Sender name.

Note: Because the preview email messages do not show how token replacement is actually handled, you should follow up a successful preview test with a test of an actual email notification.



File Servers Tab

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > File Servers.

Use this page to configure SFTP servers to be used for Jobs and/or Transfer Sites. For details about adding and setting up servers, see:

Transfer site file server: This setting applies to Transfer Sites only.

Specify the SFTP server to be used for files uploaded to and downloaded from Transfer sites. Files for each Transfer Site you create are placed in a subdirectory of the designated base directory on the file server.

The name and location of the base directory you configure for your file server are not made visible to client users. The folder name that users see when they connect is the value you specify for Transfer site name when you create a Transfer Site. The actual subdirectory on the file server is the value you specify for Directory name.

Reflection Gateway Proxy

When this option is selected, Transfer Site directories are created on the server running the Reflection Secure Shell Proxy. The default base directory on this server is:

C:\ProgramData\Micro Focus\RSecureServer\Reflection\

To change the base directory, open the Reflection Secure Shell Proxy console and go to Reflection Gateway Users > Reflection base path.

NOTE: If you use Post Transfer Actions, you must select an added SFTP server; Post Transfer Actions are not supported on the Reflection Gateway Proxy.


New/Edit SFTP Server

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > File Servers.

  3. Click New, or select an existing server and click Edit.

Added SFTP servers can be used for both Transfer Sites and Jobs.

Server: The name or IP address of an SFTP-enabled SSH server.

The Reflection for Secure IT Gateway installer includes the Reflection for Secure IT Server for Windows. Each Reflection Gateway license entitles you to install this SFTP-enabled server on one system. Contact Micro Focus for information about purchasing additional Reflection for Secure IT Servers for Windows or UNIX.

Port: The port used for SFTP and SSH connections on the server. Port 22 is the standard.

Host key fingerprint: Connections to the SFTP server require host authentication using a public key. Once you have specified a server and port, you can click Retrieve to import this key. The host key fingerprint displays the SHA1 hash of the retrieved key.

UserID: Specify a valid user account on the SFTP server. Reflection Gateway uses the credentials of this account to access the file system on this server.

Password: Select this option to authenticate using a password, and enter the password for the specified user.

Public key: Select this option to authenticate using public key authentication. To use this option, public key authentication must be configured for the user on the SFTP server. Copy the user’s private key to a location available from the browser, then click Import private key. This imports (copies) the key into the Reflection Gateway database. After the import, you can delete the key from the file system to minimize security risks.

Transfer Site base directory: This setting is required only if you want to use this server as your Transfer Site file server. This base directory is not used when the server is configured for Job scanning or Job actions.

Specify the base directory under which Reflection Gateway Transfer Site directories will be created. The directory you select must be available to the specified user account. Click Browse to connect to the server and select a location. This automatically enters a path using the correct syntax. By default, the base directory is set to a subdirectory called Reflection in the directory you selected. This is not required; you can edit or delete this subdirectory name.
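
The fingerprint shown after Retrieve is only useful if it is compared with the host key taken directly from the SFTP server. The following Python sketch is an added example, not part of the product documentation or of Reflection Gateway: it computes a SHA-1 fingerprint from an OpenSSH-style public key line and compares it with a displayed value. It assumes the displayed fingerprint is the SHA-1 digest of the SSH wire-format key blob written as hex; the key and the host name sftp01 are constructed.

```python
# Added example: check an SSH host key fingerprint against an out-of-band copy.
# Assumption: the fingerprint is the SHA-1 digest of the SSH wire-format public
# key blob, shown as hex. The key below is constructed, not a real host key.
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length, then data)."""
    return struct.pack(">I", len(data)) + data


def parse_public_key_line(line: str):
    """Split an OpenSSH-style '<type> <base64> [comment]' line into (type, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with the key type as an SSH string; a mismatch with the
    # text label means the line was edited or truncated.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii", "replace"):
        raise ValueError("key type label does not match key blob")
    return key_type, blob


def sha1_fingerprint(blob: bytes) -> str:
    """SHA-1 of the key blob as colon-separated lower-case hex."""
    digest = hashlib.sha1(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fingerprint: str) -> str:
    """Remove separators and case differences before comparing."""
    return "".join(fingerprint.lower().split()).replace(":", "").replace("-", "")


def fingerprint_matches(displayed: str, key_line: str) -> bool:
    """True if the displayed fingerprint belongs to the key in key_line."""
    _, blob = parse_public_key_line(key_line)
    return normalise(displayed) == normalise(sha1_fingerprint(blob))


# Constructed ssh-ed25519 key: 32 bytes of 0x11 stand in for a real public key.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x11" * 32)
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " sftp01"

if __name__ == "__main__":
    shown = sha1_fingerprint(SAMPLE_BLOB).upper().replace(":", "-")
    print(shown, fingerprint_matches(shown, SAMPLE_LINE))
```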



File Server Groups Tab

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > File Server Groups.

Use File Server Groups to limit which SFTP file servers users have access to when configuring Jobs.

  • File Server Groups limit which servers are visible to users in the New Job page, the Transfer File dialog box, and the Execute Command dialog box.

  • Users who are members of a group with the System setup role always have access to all SFTP servers; these users do not need to be a member of a File Server Group.

  • If one or more File Server Groups are configured, users who are members of a group with the Manage jobs role enabled (but not System setup) must be a member of at least one File Server Group to be able to configure Jobs. These users will only be able to configure Jobs on an SFTP server if they are members of a File Server Group that includes that server.

  • If no File Server Groups are configured, all users with Manage jobs rights have access to all SFTP servers when configuring Jobs.
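
The rules in the list above can be written as a single decision function, which makes the unrestricted case (no File Server Groups configured) easy to spot in a review. The following Python sketch is an added example, not part of the product documentation or of Reflection Gateway. The role names come from this page; the users, group and server names are constructed, and treating a user with neither role as having no Job servers is an assumption.

```python
# Added example: the File Server Group rules above as a decision function.
# Role names are taken from the page; users, groups and servers are constructed.
from dataclasses import dataclass

SYSTEM_SETUP = "System setup"
MANAGE_JOBS = "Manage jobs"


@dataclass(frozen=True)
class FileServerGroup:
    name: str
    servers: frozenset
    members: frozenset  # user IDs, with directory groups already expanded


def visible_servers(user, roles, all_servers, groups):
    """Servers a user can choose when configuring Jobs."""
    everything = set(all_servers)
    if SYSTEM_SETUP in roles:
        return everything          # System setup: always all SFTP servers
    if MANAGE_JOBS not in roles:
        return set()               # assumption: no Jobs role, no Job servers
    if not groups:
        return everything          # no File Server Groups: no restriction
    allowed = set()
    for group in groups:
        if user in group.members:
            allowed |= group.servers
    return allowed & everything


def audit(users, all_servers, groups):
    """Per user: (sorted visible servers, True if a non-admin sees them all)."""
    report = {}
    for user, roles in users.items():
        seen = visible_servers(user, roles, all_servers, groups)
        open_access = (SYSTEM_SETUP not in roles and bool(seen)
                       and seen == set(all_servers))
        report[user] = (sorted(seen), open_access)
    return report


SERVERS = ["sftp-a", "sftp-b"]
USERS = {"admin": {SYSTEM_SETUP}, "alice": {MANAGE_JOBS},
         "bob": {MANAGE_JOBS}, "carol": set()}
GROUPS = [FileServerGroup("finance", frozenset({"sftp-a"}), frozenset({"alice"}))]

if __name__ == "__main__":
    for label, groups in (("one group", GROUPS), ("no groups", [])):
        print(label, audit(USERS, SERVERS, groups))
```

With the constructed group in place, alice sees only sftp-a and bob sees no servers; with an empty group list, both see every server.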


New/Edit File Server Group

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > File Server Groups.

  3. Click New, or select an existing File Server Group and click Edit.

Use this page to add servers and users to File Server Groups.

Save: You must include at least one server and one user member to be able to save your group.

File server group name: A descriptive name for this group.

File servers in this group: Select one or more servers from the list of available servers.

To add additional servers, use the File Servers tab.

Members

Users who are members of this group will be able to configure Jobs using the specified file servers.

LDAP Server: Select the directory that you want to search for users to add.

Users, Groups: Select whether you want to search for users or groups.

Type in the text box to initiate search for users or groups in the selected LDAP server. Note the following:
  • The results list shows first and last names (if present) and email. Although the userID is also included in the search, it isn't displayed in the results list.
  • The results list is limited to 10 users. If the user is not visible, continue to enter more of the user's name.
  • The user or group you select is not added to the list until you click Add.

Add: This button is available after you have specified a valid user or group. Click it to add the user or group to the File Server Group.

Users or groups you add to this list are added to the File Server Group when you click Save.



Hubs Tab

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > Hubs.

Hubs are required to support Reflection Gateway Jobs. If you plan on configuring Jobs, you must add one or more Hubs to this list.

The Reflection Hub service makes connections to SFTP servers and executes the Job actions you have defined from the Jobs page.

You can add multiple Hubs to ensure availability of the Reflection Hub service. If you configure connections to more than one Hub, Reflection Gateway uses a round robin load balancing system to determine which Hub to connect to.


New/Edit Hub

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > Hubs.

  3. Click New, or select an existing Hub and click Edit.

For most connections you can enter the Hub server name or address and use the default values provided for the other values.

State: To disable a hub, click Disabled, then Save and Activate. (In this context, this button saves the disabled state; it does not activate the hub.)

PKI Servers Tab

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. From Gateway Administrator, go to System > PKI Servers.

Reflection PKI Services Manager provides certificate verification services, and is available as a separate download from the Reflection for Secure IT Gateway download page at no additional charge. For information about downloading PKI Services Manager and configuring it for use with Reflection Gateway, see Set Up PKI Services Manager. To support X.509 certificate authentication, at least one PKI Server must be configured.

Note

You can install and configure PKI Services Manager on multiple systems to ensure availability of certificate authentication services. When you add multiple servers to the PKI Servers list, Gateway Administrator contacts the first available server on the list. The reply from this PKI Server (valid or not valid) is used, and no other servers on the list are contacted. All PKI servers must have identical trust anchors, configuration settings, and mapping files to ensure that each of your PKI Services Manager servers returns the same validation for all certificates.

New: You must have PKI Services Manager installed and running before you add it to the PKI Servers list.

Edit: This button is available when a PKI server is selected. Use it to disable the selected server or modify settings.


New/Edit PKI Server

Getting there

  1. Log into Gateway Administrator as a member of a group that has the System setup role enabled.

  2. Go to System > PKI Servers.

  3. Do one of the following:

    • Click New to add a new PKI server.

    • Select a PKI server already on the list and click Edit.

Use this page to configure connections to PKI Services Manager. Reflection PKI Services Manager provides certificate verification services, and is available as a separate download from the Reflection Gateway download page at no additional charge. For information about downloading PKI Services Manager and configuring it for use with Reflection Gateway, see Set Up PKI Services Manager.

PKI server: The server running PKI Services Manager.

Port: The listening port used by PKI Services Manager. The default (18081) matches the default port used by PKI Services Manager.

State: New servers are enabled by default. Select Disabled to disable this PKI server without removing it from your list.

Retrieve Public Key: Retrieves the public key from the specified PKI server. After you retrieve a key, information about that key is displayed below the button.

To compare the retrieved key fingerprint with the actual PKI Services Manager key on the PKI server, start the PKI Services Manager console and go to Utility > View Public Key.
