A territory gateway allows a Broker in one territory to retrieve information from Brokers in another territory. You can set up ACLs on a territory gateway so that the Broker requesting information from a territory other than its own must be granted authorization to receive data.

When you set up a territory gateway ACL, the user name ACL on the local gateway contains one entry: the basic authentication identity or SSL identity of the Broker Server on which the remote gateway resides. After permission is granted, information flows from the remote Brokers on the other side of the gateway.

Normally, when you configure for SSL authentication, you do not need to attach an authenticator name ACL to a territory gateway. However, if the Broker identity from the other territory used a different certification authority, then you must import the trusted root of each territory into the truststore of the other.

The following figure shows the setup of a territory gateway ACL for a one-way flow of information. In the figure, an ACL containing the identity of the Brokers in territory Y is attached to a requesting Broker from territory X.

For information about setting up an ACL for this type of configuration, see Setting Permissions to Connect to Remote Brokers across a Territory Gateway.