Connect to Hosts using the Reflection Security Proxy

You can centrally control access to your sessions and reduce host visibility by connecting emulation sessions through the Reflection Security Gateway.

Note: If you plan to customize Reflection, create a companion installer package in the Attachmate Customization Tool or another MSI tool and deploy it to users or groups from the Package Manager. See Deploy MSI Packages from Reflection Security Gateway.

The Reflection Security Gateway offers several configuration options:

Client Authorization

When using the default configuration for the Security Proxy, users are authorized using security tokens. Transmitted data between the client and the Security Proxy is encrypted; transmitted data between the Security Proxy and the host is not. The Security Proxy server should be installed behind a corporate firewall when used in this mode. See Connect using Client Authorization.

Security Proxy (default)

Pass Through

When configured as a Pass Through Proxy, the Security Proxy passes data to the destination host without regard to content (that is, it ignores any SSL handshaking data). You can secure data traffic using SSL between the client and the destination host by enabling SSL user authentication on the destination host. When using a Pass Through proxy, client authorization is not an option. See Connect using Pass Through Mode.

End-to-End Security

This option, available for 3270 sessions only, combines user authorization with SSL security for the entire connection. Single sign-on capability using the IBM Express Logon is also supported, provided the host supports SSL. See Connect using End-to-End Security and Express Logon in 3270 Sessions.

Security Proxy (End to End)