A Site is a concept within Appgate SDP that is used to group some aspects of appliances' behaviour together, mainly in respect of Gateways. It is also used with LogForwarders, Metrics Aggregators, and Connectors.
To make configuring a new Collective easier, you will find a built-in default Site already configured that uses EBR. For a new Collective you can just edit this default Site, but to begin with you may only want to add a DNS resolver and leave everything else with the default settings.
There are a number of different use cases for Sites:
1. A Site is used to group Gateways together - they then share the work of provisioning access to the (protected) hosts in a subnet, geographical location or business unit.
2. Sites are used by the LogForwarder - log records from one or more Sites can be consolidated together and forwarded.
3. Sites are used by the Metrics Aggregator - metrics from one or more Sites can be aggregated together for subsequent collection.
4. sdpctl will use Site as a means of knowing which Connectors operate as an HA pair - and only upgrade one at a time.
5. The Express Connector must belong to a Site - this defines where it will receive its down traffic from users.
The main use case is 1, as the Site provides the linkage between Entitlements and the relevant Gateways that sit in front of those protected hosts. Knowing this linkage allows the Client routing to be set up either directly, if using Site Based Routing [SBR] (the information is in the tokens), or indirectly, if using Entitlement Based Routing [EBR] (with information provided by the Gateways). For Sites with Gateways the Site health is also displayed, which indirectly reflects the underlying health of the relevant Gateways.
Before you start
Information you will need:
the network subnets for each Site (if using SBR)
whether more than one Gateway will be assigned to this Site (background info: High Availability)
an overall understanding of how and where user traffic will be routed
any name resolver details such as DNS resolver IP address, or name resolver configuration details (background info: DNS and name resolution)
an available and valid license for the new Site
Pre-configure the following elements:
Trusted certificates: any certificates required in order to use name resolvers should be added to Trusted Certificates
Use the Sites form to:
View all the Sites you have configured in the Collective.
Configure new Sites. You can only add a new Site when there is a license available; otherwise you will see a warning. The default license only allows the use of two Sites.
Configure tunneling options. This will be the same for all Gateways added to the Site.
Specify the Client routes (if using SBR) that direct traffic to this Site.
Edit the Built-in Default DNS Resolver for the Site.
Configure how host names or resource names (defined in Entitlements) will be resolved by the Gateways.
Perform actions using the action buttons provided (see below).
Action Buttons
Action buttons are accessed by clicking the 3 dots to the right of each line item in the table or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item.
Test Name Resolvers. A test button is provided for each Site. Once the resolvers are configured for all Sites, it is possible to test them. The syntax for testing the resolver will be the same as the syntax you use when you configure Entitlement Actions.