Connect to Hosts via Reflection Security Proxy

You can centrally manage host traffic and reduce host visibility by connecting emulation sessions through the Reflection Security Gateway. To do this, EXTRA! sessions are created from the Administrative WebStation, which opens an administrative mode of EXTRA! for configuration.

The Reflection Security Gateway offers several configuration options:

Client authorization

When using the default configuration for the Security Proxy, users are authorized using security tokens. Transmitted data between the client and the Security Proxy is encrypted; transmitted data between the Security Proxy and the host is not. The Security Proxy server should be installed behind a corporate firewall when used in this mode. See Connect using Client Authorization.


Pass Through mode

When configured as a Pass Through Proxy, the Security Proxy passes data to the destination host without regard to content (that is, it ignores any SSL handshaking data). You can secure data traffic using SSL between the client and the destination host by enabling SSL user authentication on the destination host. When using a Pass Through proxy, client authorization is not an option. See Connect using Pass Through Mode.

End-to-End Security

TN 3270 sessions only. This option combines user authorization with SSL security for the entire connection. Single sign-on capability using the IBM Express Logon is also supported, provided the host supports SSL. See Connect using End-to-End Security and Express Logon in 3270 Sessions.

End-to-End Security