Configuring Web Server settings on a connection gateway (Network Agent for Linux)

A separate Web Server service is implemented on a distribution point in a connection gateway mode, which allows working with mobile devices connected to Kaspersky Security Center. This service is responsible for transferring app installation packages and device management profiles to devices without directly connecting them to the Administration Server. Files are transferred as the service processes HTTP/HTTPS file requests on a connection gateway.

Web Server on a connection gateway only works for downloading the following types of files to mobile devices:

• Kaspersky mobile apps

  Installation packages of Kaspersky mobile apps added to policies by the administrator via Kaspersky Security Center Web Console.

• Third-party mobile apps

  Installation packages of third-party mobile apps created by the administrator for their subsequent installation on devices from a local file.

• Device management profiles for iOS MDM devices

To connect new devices to Kaspersky Security Center, installation packages and device management profiles are published on the Web Server connection gateway if it has been deployed.

Links to installation packages are located in the policy settings and the "Apps & files" and "Installation packages" sections of Kaspersky Security Center.

This functionality is available with Kaspersky Security Center Linux 15.2 or later.

The Web Server service on a connection gateway is installed together with Network Agent Linux. To use this functionality, you must assign a device that will act as a distribution point in a connection gateway mode to be used as Web Server, and then specify the corresponding settings.

Assign a device that will act as a distribution point in a connection gateway mode

To assign a device that will act as a distribution point in a connection gateway mode:

1. In the main window of Kaspersky Security Center Web Console, click the settings icon () next to the name of the Administration Server.

   The Administration Server properties window opens.

2. In the General tab, select the Distribution points section.
3. Click Assign.
4. In the window that opens, select the device that you want to act as a distribution point.
5. Click OK.

   The selected device appears in the list of distribution points.

6. Click the name of the device.
7. In the properties window of the distribution points that opens, select the Connection gateway section.
8. Enable the Connection gateway toggle switch.
9. Specify the DNS domain name of the distribution point under which it will be available to mobile devices.
10. Click OK.

A device that will act as a distribution point in a connection gateway mode is assigned.

Configure Web Server settings on a connection gateway

To configure Web Server settings on a connection gateway:

1. In the main window of Kaspersky Security Center Web Console, click the settings icon () next to the name of the Administration Server.

   The Administration Server properties window opens.

2. In the General tab, select the Web Server section.
3. In the Web Server settings on connection gateway (Network Agent for Linux) block of settings, select the Launch an additional Web Server on connection gateway check box.

   This Web Server will be used to transfer files to devices.

4. In the Connection gateway field that appears, specify the host on which Web Server will be deployed to act as a connection gateway. Only hosts that support this functionality are displayed in the drop-down list.
5. In the Web Server settings for selected connection gateway block of settings that opens, configure the Web Server ports:
   1. Select Open Web Server HTTPS port if you want Web Server to be accessible on the HTTPS port and handle HTTPS requests. You will also need to configure a corresponding certificate to secure this port.
      1. Specify the HTTPS port.
      2. Specify the Certificate source for the Web Server HTTPS port.

         By default, the certificate issued by the Administration Server is used – it is valid for 397 days and is renewed automatically after it expires. If necessary, you can renew this certificate manually by clicking the Reissue button.

         To continue using this certificate, select Issue certificate through Administration Server. To upload a custom certificate manually, select Upload certificate from file.

         To upload a certificate from a file:

         • Click Upload from file.
         • In the window that opens, choose the Certificate format.
         • For a PKCS #12 certificate, specify the path to the certificate file (P12 or PFX) and enter the certificate password.

           For an X.509 certificate, specify the path to the public and private key files and enter the private key password.

         • Click Save.
      3. Make sure the addresses in the Web Server address (the address of Web Server whose requests will be processed by Kaspersky Security Center) and Certificate address (the address of the issued certificate) fields match. Otherwise, you need to reissue the certificate issued by the Administration Server or upload a different custom certificate.

      In order for devices to securely download files from Web Server on a connection gateway via HTTPS, the Web Server certificate must be installed on these devices.

   2. Select Open Web Server HTTP port if you want Web Server to be accessible on the HTTP port and handle HTTP requests.
      1. Specify the HTTP port.
   3. Click Save.

Web Server settings on a connection gateway are configured.

If HTTP or HTTPS port settings are changed, you need to update the links to previously published installation packages for mobile devices connected to Web Server on the connection gateway. Please republish the links in the policy settings and the "Apps & files" and "Installation packages" sections of Kaspersky Security Center.

To update the links to installation packages:

• In the "Apps & files" section:
  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices) → Mobile → Apps & files.
  2. Click Android or iOS depending on the required operating system.
  3. In the list of apps that opens, do one of the following:
     • Select the check boxes next to the names of the apps whose installation package links you want to update, and then click Republish.
     • Click the names of the apps whose installation package links you want to update, and then click Republish in the window that opens.
• In the "Installation packages" section:
  1. In the main window of Kaspersky Security Center Web Console, select Operations → Repositories → Installation packages.
  2. In the window that opens, click View the list of stand-alone packages.
  3. Select the app whose installation package link you want to update, and then click Unpublish.
  4. Click Publish.

The links to installation packages are updated.

Page top