AppGate SDP checklist
This article confirms that the essential information and resources required for a successful AppGate SDP deployment have been collected. It is a concise version of the pre-installation survey document.
For in-depth information, refer to the comprehensive version provided during the planning and design phase.
1. Platform Information
General system configuration information: the platform on which the appliances will be installed.
Supported appliance platform(s) are ☐ AWS ☐ Azure ☐ GCP ☐ Hyper-V ☐ OpenStack ☐ Physical Server ☐ VirtualBox ☐ VMware ☐ Other
2. Customer Networking
AppGate SDP, like any system, requires certain network ports to be open for inbound and outbound traffic. The provided link lists the ports needed to implement the system. AppGate highly recommends UDP-TCP SPA for client and appliance connections, so that the appliances stay cloaked from anyone who has not authorised first.
3. Single Packet Authorization (SPA) Mode
☐ UDP-TCP (highly recommended) ☐ TCP (default).
4. Appliance Information
Available appliance roles are Controller (CTL), Gateway (GW), Portal (PTL), Connector (CON), LogForwarder (LF) and LogServer (LS). Most roles can be combined on one appliance; there are exceptions, however, such as LogServer and LogForwarder, which cannot co-exist in a Collective.
Below are some critical parameters to consider and have readily available, one block of three rows (Internal, Public and optional Management network) per appliance.
Hostname (FQDN) | Role(s) | Appliance Details | IP Addresses (Subnet) | GW for each subnet | NTP Server | DNS Server(s)
 | | Internal | | | |
 | | Public | | | |
 | | Management (Optional) | | | |
 | | Internal | | | |
 | | Public | | | |
 | | Management (Optional) | | | |
 | | Internal | | | |
 | | Public | | | |
 | | Management (Optional) | | | |
 | | Internal | | | |
 | | Public | | | |
 | | Management (Optional) | | | |
5. IP Pools
IP Pools are used to assign an IP address to a client's tunnel adapter. An IP Pool is assigned to an Identity Provider (IdP); each IdP can have only one pool assigned to it.
There are two built-in IP pools (one IPv4, one IPv6), which can be modified; alternatively, additional IP pools can be created to replace the default pools.
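As an added illustration for sections 4 and 5 (it is not part of the checklist and not AppGate's own tooling), the Python script below validates a filled-in survey before the appliances are built: role abbreviations and the LS/LF rule from section 4, the address, gateway, NTP and DNS entries from the appliance table, and the IP Pool constraints from section 5. Every hostname, address and pool name in it is a constructed placeholder; the rules it enforces are the ones stated in the checklist text above, plus the practical requirement that a client tunnel pool must not overlap an appliance subnet.

```python
"""Validate entries from a filled-in AppGate SDP pre-installation survey.

Added example, not AppGate's own tooling. Rules checked:
  * roles use the section 4 abbreviations, and LS and LF never share a Collective;
  * each recorded gateway is a different address inside the interface's subnet;
  * NTP and DNS servers are recorded for every appliance;
  * every IdP references exactly one defined IP pool, and pools overlap neither
    each other nor any appliance subnet (a tunnel address inside an appliance
    subnet would shadow real hosts behind the Gateway).
All hostnames, addresses and pool names below are constructed placeholders.
"""
import ipaddress
from copy import deepcopy

VALID_ROLES = {"CTL", "GW", "PTL", "CON", "LF", "LS"}

# Constructed survey data: interface entries are (address/prefix, gateway).
APPLIANCES = {
    "ctl-1.example.internal": {
        "roles": {"CTL", "LS"},
        "interfaces": {"Internal": ("10.10.1.10/24", "10.10.1.1"),
                       "Public": ("203.0.113.10/28", "203.0.113.1")},
        "ntp": ["10.10.1.2"], "dns": ["10.10.1.2"],
    },
    "gw-1.example.internal": {
        "roles": {"GW"},
        "interfaces": {"Internal": ("10.10.2.10/24", "10.10.2.1"),
                       "Public": ("203.0.113.11/28", "203.0.113.1")},
        "ntp": ["10.10.1.2"], "dns": ["10.10.1.2"],
    },
}
IP_POOLS = {"pool-v4": "10.200.0.0/16", "pool-v6": "fd00:200::/64"}
IDENTITY_PROVIDERS = {"corp-ldap": ["pool-v4"]}


def check_roles(appliances):
    """Role abbreviations must be known; LS and LF must not share a Collective."""
    findings, collective_roles = [], set()
    for host, app in appliances.items():
        unknown = app["roles"] - VALID_ROLES
        if unknown:
            findings.append(f"{host}: unknown role(s) {sorted(unknown)}")
        collective_roles |= app["roles"]
    if {"LS", "LF"} <= collective_roles:
        findings.append("collective: LogServer (LS) and LogForwarder (LF) cannot co-exist")
    return findings


def check_interfaces(appliances):
    """Gateway must be a different address in the interface's subnet; NTP/DNS present."""
    findings = []
    for host, app in appliances.items():
        for net, (cidr, gw) in app["interfaces"].items():
            iface, gateway = ipaddress.ip_interface(cidr), ipaddress.ip_address(gw)
            if gateway not in iface.network:
                findings.append(f"{host}/{net}: gateway {gw} is outside {iface.network}")
            elif gateway == iface.ip:
                findings.append(f"{host}/{net}: gateway equals the appliance address {iface.ip}")
        for svc in ("ntp", "dns"):
            if not app.get(svc):
                findings.append(f"{host}: no {svc.upper()} server recorded")
    return findings


def check_pools(pools, idps, appliances):
    """Pools must not overlap each other or appliance subnets; one pool per IdP."""
    findings = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in pools.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].version == nets[b].version and nets[a].overlaps(nets[b]):
                findings.append(f"pool {a} overlaps pool {b}")
    for host, app in appliances.items():
        for net, (cidr, _) in app["interfaces"].items():
            subnet = ipaddress.ip_interface(cidr).network
            for name, pool in nets.items():
                if pool.version == subnet.version and pool.overlaps(subnet):
                    findings.append(f"pool {name} overlaps {host}/{net} subnet {subnet}")
    for idp, assigned in idps.items():
        if len(assigned) != 1:
            findings.append(f"IdP {idp}: expected exactly one pool, got {len(assigned)}")
        for name in assigned:
            if name not in pools:
                findings.append(f"IdP {idp}: pool {name} is not defined")
    return findings


def run_checks(appliances, pools, idps):
    return (check_roles(appliances) + check_interfaces(appliances)
            + check_pools(pools, idps, appliances))


def demo_faulty_survey():
    """Findings for a deliberately broken copy of the constructed survey."""
    apps, pools, idps = deepcopy(APPLIANCES), dict(IP_POOLS), deepcopy(IDENTITY_PROVIDERS)
    apps["gw-1.example.internal"]["roles"].add("LF")           # LS and LF in one Collective
    apps["ctl-1.example.internal"]["interfaces"]["Public"] = (
        "203.0.113.10/28", "203.0.113.30")                       # gateway outside the /28
    pools["pool-v4"] = "10.10.0.0/16"                           # pool swallows Internal subnets
    idps["corp-ldap"] = ["pool-v4", "pool-v6"]                  # two pools on one IdP
    return run_checks(apps, pools, idps)


if __name__ == "__main__":
    for line in run_checks(APPLIANCES, IP_POOLS, IDENTITY_PROVIDERS) or ["survey OK"]:
        print(line)
    print("--- faulty copy ---")
    for line in demo_faulty_survey():
        print(line)
```

Running the script prints "survey OK" for the constructed data and five findings for the faulty copy. Replace the dictionaries with the values from your own completed table and IP Pool plan; an empty findings list is the condition to meet before the appliances are deployed.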
6. Site Information
Sites are logical groupings of secured resources, typically organised by physical criteria such as datacenter, Virtual Private Cloud (VPC), or resource group. Within AppGate, the Site concept groups some aspects of appliance behaviour, mainly for Gateways and sometimes for LogForwarders and Metric Aggregators.
7. Identity Providers
The Identity Provider configuration sets the parameters governing the identity management components of the AppGate SDP system. This includes setting up the claims source, which forms the foundation for controlling access rights.
AppGate SDP supports authentication using external LDAP (AD), LDAP certificate, OIDC, RADIUS and SAML IdPs. Link