Time & NTP
To configure time settings for your USS Gateway, click Configure ⟶ Settings ⟶ Time & NTP.
The Time & NTP section allows you to set the local time of the USS Gateway server. This is important, especially if you intend to use Active Directory authentication.
The timezone that best describes the location of the USS Gateway server.
To ensure the server clock is always up to date, we recommend you use NTP (Network Time Protocol). Enter your preferred NTP server here (hostname or IP address).
If you wish to set the server time manually, check this option and enter the correct time.
To configure advanced settings for your USS Gateway, click Configure ⟶ Settings ⟶ Advanced.
Early Access: Enable proxy version (includes web socket support)
This option enables early access to a new version of the USS Gateway proxy which is based on squid5. This version is not yet available for general release but does include some important new features, such as Web Socket support and bug fixes such as the certificate altnames bypass issue.
Enable this option if you are comfortable testing or using pre-release software in a production environment. Enabling this option will cause the proxy service to restart.
Servername Matching (squid5)
This operation mode determines how the server name is identified in HTTPS connections. The default mode is consensus.
The server name is either SNI (if SNI matches at least one of the certificate subject names) or "none" (otherwise). When the server certificate is unavailable, the consensus server name is SNI.
The server name is SNI regardless of what the server says.
The server name(s) are the certificate subject name(s), regardless of what the client has requested. If the server certificate is unavailable, then the name is "none".
Reduce noise from background Web requests to increase performance and report visibility
Many modern websites, particularly Search Engines and Mapping sites, use lots of background web requests to suggest terms and locations. On a large network with many users, this can add up to a significant amount of extra processing and log entries, which provide little benefit. This options filters the out these types of request, which should increase performance and also reduce the noise visible in the Web Security reports.
Reuse the same key when using temporary/ephemeral Diffie-Hellman key exchanges
Creating a key for every new Diffie-Hellman handshake is the most secure method, but the key creation is CPU- and disk-intensive which creates additional overhead. On very large networks, this can cause gateway resources to be consumed very quickly. This option can be used to toggle the new key creation mode to suit your requirements.