Configure the Access Gateway DNS entries
After deployment, Access Gateway requires multiple DNS entries: for the gateway itself, for testing, and for production.
This page:
- Uses the generic address 192.168.A.B to represent the IP address of an Access Gateway deployment. This is an example only.
- Uses the fictional company atko.com in examples.
Required configuration
Value | Description | Example |
---|---|---|
admin | Initial IP address of Access Gateway. Entered into the local /etc/hosts or Windows equivalent. Used only when initially configuring Access Gateway. Note: On AWS this is the Elastic IP; otherwise it is the IP address of the Access Gateway instance. | /etc/hosts: |
gw-admin.[yourdomain.tld] | IP address of Access Gateway, typically entered into DNS as an A record. | gw-admin.atko.xyz which might point to 192.168.A.B |
gw[.yourdomain.tld] | Access Gateway service listener. Typically this value is entered as a DNS CNAME record pointing to gw-admin[.yourdomain.tld]. | gw.atko.xyz CNAME record pointing to oag-admin.atko.xyz |
DNS summary
Name | Value | Description |
---|---|---|
Access Gateway domain | gw.mysite.mycompany.com | The default endpoint used to provide Access Gateway authentication and authorization services. |
Access Gateway admin domain | gw-admin.mysite.mycompany.com | The endpoint used to provide admin UI services. Use this domain to access the local admin app. |
Access Gateway default cookie domain | mysite.mycompany.com | The default cookie domain used for Access Gateway. |
Please note:
- Host entries are only required for status checks.
- Entries are for a specific Access Gateway node and are not application domains.
- Entries should always point to the host IP of the Access Gateway node.
Once configured, the Access Gateway Admin UI console should be reachable from a local browser using the https://gw-admin.[yourdomain.tld] entry as well as http://admin.
See Show a running configuration to determine the Access Gateway IP address.
Testing and production configuration
Name | Description | Example |
---|---|---|
header.[yourdomain.tld] | For testing. IP address of Access Gateway when entered into /etc/hosts. Example of a DNS name required for header application testing. | 192.168.A.B header.atko.xyz |
policy.[yourdomain.tld] | For testing. IP address of Access Gateway when entered into /etc/hosts. Example of a DNS name required for policy application testing. | 192.168.A.B policy.atko.xyz |
peoplesoft.[yourdomain.tld] | Production example. Example of the DNS required for an application being protected by Access Gateway. This example would be used as the external (public) facing DNS name. IP address of Access Gateway when entered into /etc/hosts for testing. CNAME record pointing to [prefix]-admin[.yourdomain.tld] when entered into DNS for actual production use. | peoplesoft.atko.xyz, oag-admin.atko.xyz |
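The tables above require every gateway, test, and application name to end up at the Access Gateway node, either directly or through a CNAME. The following check is an added example, not Okta code: it walks a constructed record set and a constructed /etc/hosts file and reports any name that dangles or points at another host. The IP addresses, the gw-admin CNAME target, and all function names are assumptions made for illustration.

```python
# Added example: all record data below is constructed, not from a real deployment.
GATEWAY_IP = "192.168.10.20"  # stands in for the page's 192.168.A.B placeholder

# Constructed zone data: name -> (record type, value)
ZONE = {
    "gw-admin.atko.xyz": ("A", GATEWAY_IP),
    "gw.atko.xyz": ("CNAME", "gw-admin.atko.xyz"),
    "peoplesoft.atko.xyz": ("CNAME", "gw-admin.atko.xyz"),
}

# Constructed /etc/hosts content used for initial setup and testing
HOSTS = """\
192.168.10.20 admin
192.168.10.20 header.atko.xyz
192.168.10.99 policy.atko.xyz   # stale entry, wrong node
"""

def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text, ignoring comments."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            entries[name.lower()] = fields[0]
    return entries

def resolve(name, zone, max_depth=8):
    """Follow CNAMEs to an A record; None if the chain dangles or loops."""
    for _ in range(max_depth):
        rtype, value = zone.get(name.lower(), (None, None))
        if rtype == "A":
            return value
        if rtype != "CNAME":
            return None
        name = value
    return None

def check(zone, hosts_text, gateway_ip):
    """List (name, source, ip) for every name that misses the gateway IP."""
    problems = [(n, "dns", resolve(n, zone)) for n in zone
                if resolve(n, zone) != gateway_ip]
    problems += [(n, "hosts", ip) for n, ip in parse_hosts(hosts_text).items()
                 if ip != gateway_ip]
    return problems

if __name__ == "__main__":
    for name, source, ip in check(ZONE, HOSTS, GATEWAY_IP):
        print(f"{source}: {name} -> {ip} (expected {GATEWAY_IP})")
```

An application name that resolves anywhere other than the gateway node is not being fronted by Access Gateway, so a non-empty result is worth resolving before moving an entry from /etc/hosts testing to production DNS.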
See also
- For more information about Access Gateway DNS use, see DNS use.
- Determine IP address of Access Gateway. See Show a running configuration.
- Configure Access Gateway primary and secondary DNS servers. See Manage DNS settings.