Integration Server 10.11 | Integration Server Administrator's Guide | Configuring webMethods Enterprise Gateway | Setting Up an Enterprise Gateway
 
Setting Up an Enterprise Gateway
This section describes the high-level steps for setting up the Enterprise Gateway. The following checklist summarizes these steps:
Done?
Task
Notes
Install an Integration Server in your DMZ to be your Enterprise Gateway Server
When you identify an Integration Server to be an Enterprise Gateway Server, keep in mind that any external client on the Internet can access this server. Therefore, be very security conscious about the services you make available and the users you define.
Do not perform development work on this server and do not set up users or groups on it.
Important:
Do not configure a single Integration Server to be both an Enterprise Gateway Server and an Internal Server. This configuration is not supported, and unpredictable results will occur.
Disable the Developer and Replicator users
You will not need these users on an Enterprise Gateway Server. Disabling these users prevents someone from gaining access to your Enterprise Gateway Server through them. For more information, see Disabling and Enabling User Accounts.
Configure the Enterprise Gateway external port
Note:
If you plan to use an HTTPS port, you must store a server certificate, a server private key, and a CA certificate on this server. For instructions, see Configuring Integration Server for Secure Communications.
Configure the Enterprise Gateway registration port
If you are going to set up an encrypted connection between the Internal Server and Enterprise Gateway Server, you can optionally store a certificate for the Internal Server’s administrator user on Enterprise Gateway Server. For more information, see Importing a Client Certificate and Mapping It to a User.
Optional (but strongly recommended). Set up IP address filtering on the registration port so that only the Internal Server can connect to Enterprise Gateway Server. This step provides an additional layer of protection to supplement the IP address filtering performed by your firewall and the user authentication.
Note:
Even if your external firewall filters out connections to the Enterprise Gateway registration port, IP address filtering is a good idea because it will stop insiders from connecting to Enterprise Gateway Server.
Connect your Internal Server to Enterprise Gateway Server
Set values for the server configuration properties for Enterprise Gateway and Internal Server
Set values for or verify that the defaults for the following server configuration properties are suitable for your situation:
*watt.server.rg.internalregistration.timeout
*watt.server.rg.internalsocket.timeout
*watt.net.socketpool.sweeperInterval