Unified Access Gateway can be deployed either by using the vSphere Web Client or PowerShell scripts. In either method, you must configure some parameters for the deployment. The information provided here helps you understand some of the configuration parameters that are used during the PowerShell deployment.

Configuration Parameter Description
sshEnabled This setting is present in the [General] section of the .ini file. When set to true, this parameter automatically enables SSH access on the deployed appliance.

When set to false, SSH is not enabled.

Note: VMware does not generally recommend enabling SSH on Unified Access Gateway except in certain specific situations and where access can be restricted. If root console access is required for Amazon AWS EC2 deployments, SSH can be enabled. For more information on Amazon AWS EC2, see Unified Access Gateway PowerShell Deployment to Amazon Web Services at VMware Docs.

Enabling SSH access on Unified Access Gateway deployments for vSphere, Hyper-V, or Microsoft Azure is not generally required because console access is available on those platforms.

In cases where SSH is enabled, TCP port 22 access must be restricted in firewalls or security groups to source IP addresses of individual administrators. EC2 supports this restriction in the EC2 Security Group associated with the Unified Access Gateway network interfaces.

syslogType Enables syslog configuration
Custom configuration setting The custom configuration values that must be added to the systemd.network files can be provided in the following format: SectionName^Parameter=Value.

An example of a custom configuration entry is DHCP^UseDNS=false. This value, when used, disables the usage of DNS IP addresses provided by the DHCP server.

Using the same format, you can add multiple systemd.network configuration entries separated by semicolons. An example of custom configuration values for eth0, eth1, and eth2 is included in the [General] section of the sample .ini file.

rootPasswordExpirationDays Password expiration policy for the root user.

The default password expiration time is 365 days.

To prevent password expiry, the expiration time can be set to 0.

passwordPolicyMinLen Minimum length of the root user password.

The default value of this parameter is 6.

The maximum value of this parameter is 64.

passwordPolicyMinClass Minimum number of classes of character types that can be used to configure the root password complexity.

The classes of character types are as follows: uppercase, lowercase, digits, and others.

The default value is 1.

This parameter can be configured with the following values: 1, 2, 3, and 4.

If the parameter has the default value, then you can use characters from all the four classes. If the parameter value is 1, then you can use characters from any one of the classes.

passwordPolicyFailedLockout Number of failed login attempts allowed for the root user to access the Unified Access Gateway console.

The default value is 3.

passwordPolicyUnlockTime Duration for which the Unified Access Gateway console is locked out after the configured number of failed login attempts by the root user.

After the lockout, the Unified Access Gateway console is unlocked and the root user can access the console.

The default value is 900 seconds.

adminpasswordPolicyMinLen Minimum length of the admin user password.

The default value of this parameter is 8.

The maximum value of this parameter is 64.

adminpasswordPolicyFailedLockoutCount Number of failed login attempts allowed for the admin user to access the Unified Access Gateway admin UI.

The default value is 3.

adminpasswordPolicyUnlockTime Duration (in minutes) for which the Unified Access Gateway admin UI is locked out after the configured number of failed login attempts by the admin user.

After the lockout, the Unified Access Gateway admin UI is unlocked and the admin user can access the UI.

The default value is 5 minutes.

adminSessionIdleTimeoutMinutes Duration (in minutes) for which the Unified Access Gateway admin UI session can remain idle. After this timeout, the admin UI logs out automatically.

The default value is 10 minutes.

The maximum value is 1440 minutes.

If the parameter value is 0, the session does not expire even when it is idle.
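
The following pre-deployment check is an added example, not VMware's code: it audits the [General] section of a deployment .ini against the values and limits described in the table above and parses the SectionName^Parameter=Value custom configuration format. The sample .ini is constructed, and the key name eth0CustomConfig and the function names are assumptions.

```python
import configparser

# Constructed sample; the key name eth0CustomConfig is an assumption (the page gives only the value format).
SAMPLE_INI = """\
[General]
sshEnabled=true
rootPasswordExpirationDays=0
passwordPolicyMinLen=6
passwordPolicyMinClass=1
adminSessionIdleTimeoutMinutes=0
eth0CustomConfig=DHCP^UseDNS=false;DHCP^UseNTP=false
"""

# (min, max) from this page; 0 where the page states no minimum.
BOUNDS = {"passwordPolicyMinLen": (0, 64), "adminpasswordPolicyMinLen": (0, 64),
          "passwordPolicyMinClass": (1, 4), "adminSessionIdleTimeoutMinutes": (0, 1440)}

# Values the page documents as turning a protection off or needing a compensating control.
RISKY = {
    ("sshEnabled", "true"): "SSH on: restrict TCP 22 to administrator source IPs",
    ("rootPasswordExpirationDays", "0"): "root password never expires",
    ("adminSessionIdleTimeoutMinutes", "0"): "idle admin UI session never expires",
}

def parse_custom_config(value):
    """Split 'Section^Parameter=Value;...' into (section, parameter, value) tuples."""
    entries = []
    for item in filter(None, (part.strip() for part in value.split(";"))):
        section, caret, rest = item.partition("^")
        param, equals, val = rest.partition("=")
        if not (caret and equals and section and param):
            raise ValueError(f"malformed custom configuration entry: {item!r}")
        entries.append((section, param, val))
    return entries

def audit_general(ini_text):
    """Return a list of findings for the [General] section of a deployment .ini."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep parameter names case-sensitive
    parser.read_string(ini_text)
    findings = []
    for key, raw in parser["General"].items():
        value = raw.strip()
        if (key, value.lower()) in RISKY:
            findings.append(f"{key}={value}: {RISKY[(key, value.lower())]}")
        bounds = BOUNDS.get(key)
        if bounds and value.isdigit() and not bounds[0] <= int(value) <= bounds[1]:
            findings.append(f"{key}={value}: outside the documented range")
    return findings
```

Running audit_general over each .ini before deployment turns the table's limits into a review gate; any finding is a prompt for a compensating control or a corrected value.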