3.2.5.1. Private Gateway Test App

This section guides you how to set up an application that can be only reached via a private gateway SDP and demonstrates a user experience.

In this article you will learn how to:

  • Enable the testing web app that ships with the SDP Private Gateway.

  • Define the Private Gateway test app as a protected application in SDP.

Before you start this guideline, you must install a private gateway and connect it to your account. If you have not done so, you can follow steps in 3.2.2.1. Using Private Gateways

To simplify testing private gateway connectivity we ship with a test resource located on the same VM.

When this feature is enabled a web application is available at http://172.18.0.200. This should be added as a protected application in the MA UI. The port is the default HTTP port 80/TCP. The only action to take is to enable or disable it. Further configuration (IP address, port) is possible in the future.

  1. From the private gateway configuration tool, enable the test application.
    images/download/attachments/5090431/screenshot-2020-09-24T10-21-42-0400.png images/download/attachments/5090431/screenshot-2020-09-24T10-21-46-0400.png images/download/attachments/5090431/screenshot-2020-09-24T10-21-52-0400.png

  2. Add this application in the MetaAccess console. Enable secure access first if needed.
    images/download/attachments/5090431/screenshot-2020-09-25T14-40-43-0400.png

  3. Select SDP Gateway as the method to protect this application.
    images/download/attachments/5090431/screenshot-2020-09-25T14-41-11-0400.png

  4. Add the testing app on the private gateway.

    1. Select Web Application as the Application Type

    2. Enter http://172.18.0.200 as Application URL, the system will auto-fill in the port 80/TCP for you.

    3. Access Mode: Monitor for testing purpose. You can set this to “Enforce” to ensure that the device must be met with Access Rules before being allowed access to the application.
      images/download/attachments/5090431/image-20201003-183225.png

  5. Add any users or groups to have access to this resource. You can refer 3.2.3.1. Provision users to understand how to invite an end-user or import user groups from your IdP. The below screenshot is using a local user for this demonstration purpose
    images/download/attachments/5090431/assign_a_local_user.png

  6. There is an informational screen about the active gateways.
    images/download/attachments/5090431/screenshot-2020-09-25T14-44-22-0400.png

  7. Create a device group on your account and enable SDP feature for that group.
    images/download/attachments/5090431/enable_SDP.png

  8. Click +Device on the top right and pre-assign OPSWAT Client to the group you just created.
    images/download/attachments/5090431/image-20201003-175002.png

  9. Download the OPSWAT Client installer. Note that the on-demand OPSWAT Client has not supported SDP feature. images/download/attachments/5090431/image-20201003-175122.png

  10. Install the OPSWAT Client with the installer you just download. Your device will be auto-assigned to the group you pre-assigned to. After it’s installed successfully, you can confirm by going back to the device group and you will see your device is there

  11. It will take sometime for OPSWAT Client retrieve settings from MetaAccess to enable SDT. After it enables SDP successfully, you will Open SDP on the tray menu
    images/download/attachments/5090431/Tray_with_SDP.png

  12. Click Open SDP to launch the SDP UI and sign in with the user you assigned to the testing app. Note that if you assigned a IdP group to the app, you need to sign in to the SDP through the IdP app dashboard. OPSWAT Client has not supported SP-Initiate yet.

images/download/attachments/5090431/image-20201003-182730.png

13. After a user authenticates successful, the user will see applications the user can access based on user permission and access rules. From now on, the user can access applications/resources as normal they do

images/download/attachments/5090431/SDP_UI_-_after_authentication.png

14. Now on the test device, you can access to the testing app hosted on the private gateway through your browser http://172.18.0.200 or click on the Demo app on the SDP user interface

images/download/attachments/5090431/demo_app_UI.png