Server Configuration Settings 103novdocx (en) 19 February 2010 The Access Gateway should be an unconfigured machine. If it contains reverse proxies,delete them before continuing.In the Administration Console, click Devices > Access Gateways > Edit > Reverse Proxies/ Authentication. In the Reverse Proxy List, select Name, then click Delete. Update theAccess Gateway and the Identity Server.2 In the Administration Console, click Policies > Policies.The policies that the Access Gateway is dependent upon must be imported first.3 (Conditional) If you have exported policies from more than one container, create the policycontainers. Click the Containers tab; in the Container List, click New, specify the name for thecontainer, then click OK.4 (Conditional) If your system already contains policies, delete them if they aren’t being used.If they are in use and you have policies with the same names as the policies you are going toimport, you need to manually reconcile the duplicate policies. See Step 5 in Section 3.12.3,“Cleaning Up and Verifying the Configuration,” on page 103.5 In the Policy List, click Import.6 Browse to the location of the policy configuration file, select the file, then click OK.7 (Conditional) If you exported multiple policy configuration files, repeat Step 5 and Step 6.8 Enable all new Role policies. Click Identity Servers > Edit > Roles.9 Either select Name to enable all policies or individually select the policies, then click Enable.10 Click OK, then click Update.11 To import the Access Gateway configuration, click Access Gateways > [Name of AccessGateway] > Configuration > Import.12 Browse to the location of the file, select the file, enter a password if you specified one onexport, then click OK.13 Continue with Section 3.12.3, “Cleaning Up and Verifying the Configuration,” on page 103.3.12.3 Cleaning Up and Verifying the Configuration1 When the configuration import has finished, verify the configuration for your reverse proxies.1a Click Access Gateways > Edit > [Name of Reverse Proxy].1b Verify the listening address.This is especially important if your Access Gateway has multiple network adapters. Bydefault, the IP address of eth0 is always selected as the listening address.1c Verify the certificates assigned to the reverse proxy.The Subject Name of the certificate should match the published DNS name of the primaryproxy service in the Proxy Service List.1d Verify the Web Server configuration. In the Proxy Service List, click the Web ServerAddresses link. Check the following values: Web Server Host Name. If this name has a staging prefix or suffix, remove it. IP addresses in the Web Server List. If the IP addresses in the production area aredifferent from the IP addresses in the staging area, modify the IP addresses to matchthe production area.