How do I configure a Security Gateway?

Whenever you need to configure a Security Gateway setting (for example, proxy, port, or memory dumps), do this in the custom.properties file and then simply restart Security Gateway. Only if you use the custom.properties file will your settings be preserved when upgrading to a new version of Security Gateway.

The Security Gateway properties that you can configure are described in the following tables. These properties are applicable for both types of Security Gateway, private Security Gateways and public Managed Security Gateways.

Section: [connectivity]

Property Default value Description
dnsEntryPoint unset Define the entry point for the Security Gateway (for example, http://sg1.mydomain.com:9876). Via this URL, the Security Gateway is accessed by Dynatrace OneAgent. If not set, an auto-detected endpoint will be used. This entry can be used if the Security Gateway is accessed via, for example, an external IP address or load balancer.

Section: [com.compuware.apm.webserver]

Property Default value Description
port-ssl 9999 The port where the Security Gateway listens for traffic from OneAgent.
ssl-protocols TLSv1.2 Supported SSL protocols. Can be one or a list of the following values: TLSv1, TLSv1.1, TLSv1.2
excluded-ciphers unset List of additionally excluded ciphers (ciphers are defined by a substring matching at least a part of the cipher name, for example _DHE_)

Section: [http-client]

Property Default value Description
proxy-server unset Proxy server URL
proxy-port unset Proxy port (numeric)
proxy-scheme unset Proxy scheme (http or https)
proxy-user unset Proxy user name (optional)
proxy-password unset Proxy password (optional). Authentication with user/password is transferred as basic authentication header to the proxy. The initial plain text password is encrypted and stored in proxy-password-encr by the system.

Section: [collector]

Property Default value Description
MSGrouter true Security Gateway enables routing of OneAgent and other Security Gateway traffic through Dynatrace.
VMwareAgentEnabled Private Security Gateway: true; public Managed Security Gateway: true Security Gateway can be used to monitor VMware. The value of this property isn't respected by private Security Gateways, which can be used to monitor VMware.
AWSAgentEnabled Private Security Gateway: false; Public Managed Security Gateway: true Security Gateway can be used to monitor AWS
restInterface true Security Gateway can be used to access the Dynatrace REST API.
enableHttpChecks false HTTP Checks in Security Gateway
DumpSupported false Security Gateway allows you to temporarily store memory dumps from OneAgent. Additional configuration in section [dump] is required.

Section: [dump]

Property Default value Description
dumpDir dump Valid path of storage directory used for dump storage
maxSizeGb 100 Storage quota in GBs. If full, the oldest dumps are overwritten until enough space is available to store a new dump.
maxAgeDays 7 Maximum age of a memory dump in days until the dump is automatically overwritten
maxConcurrentUploads 5 Maximum number of concurrent dump uploads from OneAgents