Overriding the default Network Access Policy Exception limit in DMZ Gateway


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • DMZ Gateway version 3.0.0 and later

DISCUSSION

By default, DMZ Gateway limits the number of network access policy exceptions that may be defined in both the “grant” and “deny” exception lists.

  • In DMZ Gateway version 3.0.0 the limit defaults to 100 per list.

  • In DMZ Gateway version 3.1.0 and above the limit defaults to 1000 per list.

You can override the default limit by editing a system property, as described below.

GlobalSCAPE Quality Assurance tested the system with the default setting; changing this setting from the default may cause as yet unknown issues.

To override the default setting:

  1. Open the file <InstallDir>\conf\DMZGatewayServerService.conf in a text editor.
  2. Locate the “Additional Java Parameters” section, which will be similar to the following text:

    # Additional Java parameters. Add parameters as needed starting from 1.
    # By default, use the server Virtual Machine.
    wrapper.java.additional.1=-server
    wrapper.java.additional.2=-DDMZSharedConfigurationDirectory=%DMZ_SHARED_CONFIG_DIRECTORY%
    wrapper.java.additional.2.stripquotes=TRUE
    wrapper.java.additional.3=-Djava.ext.dirs=bin/jre1.6.0_24/lib/ext

  3. Add the following line at the end of the section:

    wrapper.java.additional.<Index>=-DNetworkAccessPolicyExceptionLimit=<New Limit>

    Where “<Index>” is 1 more than the index number in the previous line and “<New Limit>” is the desired network access policy exception limit. For example:

    # Additional Java parameters. Add parameters as needed starting from 1.
    # By default, use the server Virtual Machine.
    wrapper.java.additional.1=-server
    wrapper.java.additional.2=-DDMZSharedConfigurationDirectory=%DMZ_SHARED_CONFIG_DIRECTORY%
    wrapper.java.additional.2.stripquotes=TRUE
    wrapper.java.additional.3=-Djava.ext.dirs=bin/jre1.6.0_24/lib/ext
    wrapper.java.additional.4=-DNetworkAccessPolicyExceptionLimit=2500

    This sets the network access policy exception limit to 2500 entries per list.

  4. Save your changes.
  5. Restart the DMZ Gateway Server Windows Service.
  6. To verify that the changes have taken effect, open the file <InstallDir>\logs\DMZGatewayServer.log and locate the most recent log message containing the text "Number of network access policy exceptions is limited to:". This line will display the active network access policy exception limit.
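The edit and verification steps above can be scripted so that the index is computed rather than typed by hand and the active limit is read back from the log. The following is an added example, not GlobalSCAPE code: the function names are hypothetical, the sample log lines (including their timestamp layout and the position of the number directly after the message text) are constructed, and the configuration text is the section shown in this article.

```python
import re

PARAM = "-DNetworkAccessPolicyExceptionLimit="
LOG_TEXT = "Number of network access policy exceptions is limited to:"
# Matches wrapper.java.additional.<n>=... and sub-properties such as <n>.stripquotes
ENTRY = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)(\.\w+)?\s*=(.*)$")

def set_exception_limit(conf_text, new_limit):
    """Return conf_text with the limit parameter set once, at the next free index."""
    if not isinstance(new_limit, int) or new_limit < 1:
        raise ValueError("new_limit must be a positive integer")  # helper's own sanity check
    lines = conf_text.splitlines()
    highest, last_pos = 0, -1
    for pos, line in enumerate(lines):
        m = ENTRY.match(line)  # lines commented out with '#' do not match
        if not m:
            continue
        index, suffix, value = int(m.group(1)), m.group(2), m.group(3).strip()
        if suffix is None and value.startswith(PARAM):
            # Already present: update in place instead of adding a second entry
            lines[pos] = f"wrapper.java.additional.{index}={PARAM}{new_limit}"
            return "\n".join(lines) + "\n"
        highest, last_pos = max(highest, index), pos
    new_line = f"wrapper.java.additional.{highest + 1}={PARAM}{new_limit}"
    lines.insert(last_pos + 1 if last_pos >= 0 else len(lines), new_line)
    return "\n".join(lines) + "\n"

def active_limit(log_text):
    """Return the limit from the last (most recent) matching log line, or None."""
    hits = re.findall(re.escape(LOG_TEXT) + r"\s*(\d+)", log_text)
    return int(hits[-1]) if hits else None

# Section text as shown in the article
SAMPLE_CONF = """\
# Additional Java parameters. Add parameters as needed starting from 1.
# By default, use the server Virtual Machine.
wrapper.java.additional.1=-server
wrapper.java.additional.2=-DDMZSharedConfigurationDirectory=%DMZ_SHARED_CONFIG_DIRECTORY%
wrapper.java.additional.2.stripquotes=TRUE
wrapper.java.additional.3=-Djava.ext.dirs=bin/jre1.6.0_24/lib/ext
"""
# Constructed log lines: one from before the change, one from after the restart
SAMPLE_LOG = """\
2012-01-01 10:00:00 INFO Number of network access policy exceptions is limited to: 1000
2012-01-01 11:30:00 INFO Number of network access policy exceptions is limited to: 2500
"""

if __name__ == "__main__":
    print(set_exception_limit(SAMPLE_CONF, 2500), active_limit(SAMPLE_LOG))
```

Comparing the value returned by `active_limit` with the value written to the configuration file confirms that the restart picked up the new setting.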