Gateway
Retrieve a list of all the RAS Secure Gateway Servers.
Site ID of which the RAS Secure Gateway Servers will be retrieved (optional)
Filter the result by server name (optional)
GET /api/Gateway HTTP/1.1
Host:
Accept: */*
[
{
"id": 1,
"adminCreate": "text",
"adminLastMod": "text",
"timeCreate": "2025-07-08T06:55:31.154Z",
"timeLastMod": "2025-07-08T06:55:31.154Z",
"server": "text",
"enabled": true,
"description": "text",
"siteId": 1,
"publicAddress": "text",
"ipVersion": [
"0 = Version4",
"1 = Version6",
"2 = BothVersions"
],
"iPs": "text",
"bindV4Addresses": "text",
"optimizeConnectionIPv4": "text",
"bindV6Addresses": "text",
"optimizeConnectionIPv6": "text",
"inheritDefaultModeSettings": true,
"inheritDefaultNetworkSettings": true,
"inheritDefaultSslTlsSettings": true,
"inheritDefaultUserPortalSettings": true,
"inheritDefaultWyseSettings": true,
"inheritDefaultSecuritySettings": true,
"inheritDefaultWebSettings": true,
"mode": [
"0 = Normal",
"1 = Forwarding"
],
"normalModeForwarding": true,
"forwardGatewayServers": "text",
"preferredBrokerId": 1,
"forwardHttpServers": "text",
"enableGatewayPort": true,
"gatewayPort": 1,
"onlyAllowAcmeHttp": true,
"enableRDP": true,
"rdpPort": 1,
"broadcast": true,
"enableRDPUDP": true,
"enableDeviceManagerPort": true,
"dosPro": true,
"enableSSL": true,
"sslPort": 1,
"minSSLVersion": [
"2 = TLSv1",
"3 = TLSv1_1",
"4 = TLSv1_2",
"5 = TLSv1_3"
],
"cipherStrength": [
"0 = Low",
"1 = Medium",
"2 = High",
"3 = Custom"
],
"cipher": "text",
"cipherPreference": true,
"certificateId": 1,
"enableHSTS": true,
"hstsMaxAge": 1,
"hstsIncludeSubdomains": true,
"hstsPreload": true,
"enableUserPortal": true,
"userPortalPort": 1,
"launchMethod": [
"0 = ParallelsClientAndWebClient",
"1 = ParallelsClient",
"2 = WebClient"
],
"allowLaunchMethod": true,
"allowAppsInNewTab": true,
"usePreWin2000LoginFormat": true,
"allowEmbed": true,
"allowFileTransfer": true,
"fileTransferMode": [
"0 = Disabled",
"1 = ClientToServer",
"2 = ServerToClient",
"3 = Bidirectional"
],
"allowClipboard": true,
"clipboardDirection": [
"0 = None",
"1 = ClientToServer",
"2 = ServerToClient",
"3 = Bidirectional"
],
"allowCORS": true,
"browserCacheTimeInMonths": 1,
"allowedDomainsForCORS": [
"text"
],
"enableAlternateNLBHost": true,
"alternateNLBHost": "text",
"enableAlternateNLBPort": true,
"alternateNLBPort": 1,
"enableWyseSupport": true,
"disableWyseCertWarn": true,
"securityMode": [
"0 = AllowAllExcept",
"1 = AllowOnly"
],
"macAllowExcept": [
"text"
],
"macAllowOnly": [
"text"
],
"webRequestsURL": "text",
"webCookie": "text",
"useSecureWebCookie": true
}
]Create a new RAS Secure Gateway Server.
If this parameter is included, the RAS Secure Gateway software will not be installed on the target server. The parameter should only be included if the server already has the software installed. If you need to install the software, omit this parameter. When installing the Gateway software, your RAS admin credentials will be used to push install the software. These are the credentials you used to connect to the RAS farm. If needed, you can specify different credentials using the Username and Password parameters.
An administrator account to push install the Gateway software on the target server. If this parameter is omitted, your RAS admin username (and password) will be used
The password of the account specified in the Username parameter.
Specifies not to restart the server after the RAS Gateway is installed. If this parameter is omitted, the server will be restarted if required.
Specifies not to add firewall rules to allow the RD Session Host Agent to communicate. If this parameter is omitted, the firewall rules will not be added.
Create a new Secure Gateway
FQDN or IP address of the server to be added to a site as a RAS Secure Gateway.
The site ID to which the Secure Gateway should be added. To obtain the ID of a desired site, use the appropriate command to Get Sites. If the parameter is omitted, the site ID of the Licensing Server will be used.
Enable or disable User Portal connectivity on the Secure Gateway.
POST /api/Gateway HTTP/1.1
Host:
Content-Type: application/json; api-version=1.0
Accept: */*
Content-Length: 52
{
"server": "text",
"siteId": 1,
"enableUserPortal": true
}{
"id": 1,
"adminCreate": "text",
"adminLastMod": "text",
"timeCreate": "2025-07-08T06:55:31.154Z",
"timeLastMod": "2025-07-08T06:55:31.154Z",
"server": "text",
"enabled": true,
"description": "text",
"siteId": 1,
"publicAddress": "text",
"ipVersion": [
"0 = Version4",
"1 = Version6",
"2 = BothVersions"
],
"iPs": "text",
"bindV4Addresses": "text",
"optimizeConnectionIPv4": "text",
"bindV6Addresses": "text",
"optimizeConnectionIPv6": "text",
"inheritDefaultModeSettings": true,
"inheritDefaultNetworkSettings": true,
"inheritDefaultSslTlsSettings": true,
"inheritDefaultUserPortalSettings": true,
"inheritDefaultWyseSettings": true,
"inheritDefaultSecuritySettings": true,
"inheritDefaultWebSettings": true,
"mode": [
"0 = Normal",
"1 = Forwarding"
],
"normalModeForwarding": true,
"forwardGatewayServers": "text",
"preferredBrokerId": 1,
"forwardHttpServers": "text",
"enableGatewayPort": true,
"gatewayPort": 1,
"onlyAllowAcmeHttp": true,
"enableRDP": true,
"rdpPort": 1,
"broadcast": true,
"enableRDPUDP": true,
"enableDeviceManagerPort": true,
"dosPro": true,
"enableSSL": true,
"sslPort": 1,
"minSSLVersion": [
"2 = TLSv1",
"3 = TLSv1_1",
"4 = TLSv1_2",
"5 = TLSv1_3"
],
"cipherStrength": [
"0 = Low",
"1 = Medium",
"2 = High",
"3 = Custom"
],
"cipher": "text",
"cipherPreference": true,
"certificateId": 1,
"enableHSTS": true,
"hstsMaxAge": 1,
"hstsIncludeSubdomains": true,
"hstsPreload": true,
"enableUserPortal": true,
"userPortalPort": 1,
"launchMethod": [
"0 = ParallelsClientAndWebClient",
"1 = ParallelsClient",
"2 = WebClient"
],
"allowLaunchMethod": true,
"allowAppsInNewTab": true,
"usePreWin2000LoginFormat": true,
"allowEmbed": true,
"allowFileTransfer": true,
"fileTransferMode": [
"0 = Disabled",
"1 = ClientToServer",
"2 = ServerToClient",
"3 = Bidirectional"
],
"allowClipboard": true,
"clipboardDirection": [
"0 = None",
"1 = ClientToServer",
"2 = ServerToClient",
"3 = Bidirectional"
],
"allowCORS": true,
"browserCacheTimeInMonths": 1,
"allowedDomainsForCORS": [
"text"
],
"enableAlternateNLBHost": true,
"alternateNLBHost": "text",
"enableAlternateNLBPort": true,
"alternateNLBPort": 1,
"enableWyseSupport": true,
"disableWyseCertWarn": true,
"securityMode": [
"0 = AllowAllExcept",
"1 = AllowOnly"
],
"macAllowExcept": [
"text"
],
"macAllowOnly": [
"text"
],
"webRequestsURL": "text",
"webCookie": "text",
"useSecureWebCookie": true
}Retrieve a specified RAS Secure Gateway Server.
ID of the Gateway server to be retrieved
GET /api/Gateway/{id} HTTP/1.1
Host:
Accept: */*
{
"id": 1,
"adminCreate": "text",
"adminLastMod": "text",
"timeCreate": "2025-07-08T06:55:31.154Z",
"timeLastMod": "2025-07-08T06:55:31.154Z",
"server": "text",
"enabled": true,
"description": "text",
"siteId": 1,
"publicAddress": "text",
"ipVersion": [
"0 = Version4",
"1 = Version6",
"2 = BothVersions"
],
"iPs": "text",
"bindV4Addresses": "text",
"optimizeConnectionIPv4": "text",
"bindV6Addresses": "text",
"optimizeConnectionIPv6": "text",
"inheritDefaultModeSettings": true,
"inheritDefaultNetworkSettings": true,
"inheritDefaultSslTlsSettings": true,
"inheritDefaultUserPortalSettings": true,
"inheritDefaultWyseSettings": true,
"inheritDefaultSecuritySettings": true,
"inheritDefaultWebSettings": true,
"mode": [
"0 = Normal",
"1 = Forwarding"
],
"normalModeForwarding": true,
"forwardGatewayServers": "text",
"preferredBrokerId": 1,
"forwardHttpServers": "text",
"enableGatewayPort": true,
"gatewayPort": 1,
"onlyAllowAcmeHttp": true,
"enableRDP": true,
"rdpPort": 1,
"broadcast": true,
"enableRDPUDP": true,
"enableDeviceManagerPort": true,
"dosPro": true,
"enableSSL": true,
"sslPort": 1,
"minSSLVersion": [
"2 = TLSv1",
"3 = TLSv1_1",
"4 = TLSv1_2",
"5 = TLSv1_3"
],
"cipherStrength": [
"0 = Low",
"1 = Medium",
"2 = High",
"3 = Custom"
],
"cipher": "text",
"cipherPreference": true,
"certificateId": 1,
"enableHSTS": true,
"hstsMaxAge": 1,
"hstsIncludeSubdomains": true,
"hstsPreload": true,
"enableUserPortal": true,
"userPortalPort": 1,
"launchMethod": [
"0 = ParallelsClientAndWebClient",
"1 = ParallelsClient",
"2 = WebClient"
],
"allowLaunchMethod": true,
"allowAppsInNewTab": true,
"usePreWin2000LoginFormat": true,
"allowEmbed": true,
"allowFileTransfer": true,
"fileTransferMode": [
"0 = Disabled",
"1 = ClientToServer",
"2 = ServerToClient",
"3 = Bidirectional"
],
"allowClipboard": true,
"clipboardDirection": [
"0 = None",
"1 = ClientToServer",
"2 = ServerToClient",
"3 = Bidirectional"
],
"allowCORS": true,
"browserCacheTimeInMonths": 1,
"allowedDomainsForCORS": [
"text"
],
"enableAlternateNLBHost": true,
"alternateNLBHost": "text",
"enableAlternateNLBPort": true,
"alternateNLBPort": 1,
"enableWyseSupport": true,
"disableWyseCertWarn": true,
"securityMode": [
"0 = AllowAllExcept",
"1 = AllowOnly"
],
"macAllowExcept": [
"text"
],
"macAllowOnly": [
"text"
],
"webRequestsURL": "text",
"webCookie": "text",
"useSecureWebCookie": true
}Modify the properties of a RAS Secure Gateway Server.
ID of the Gateway server to be updated
Update a Secure Gateway settings
Enable or disable the specified Secure Gateway.
The new Secure Gateway name. The name must be either a valid FQDN or a valid IP address.
A user-defined Secure Gateway description.
The Public Address of the Secure Gateway.
IP Version
One or multiple (separated by comma) IP addresses.
IPv4 address to bind to. If '0.0.0.0' is passed, will bind to all available addresses. When using a specific address, it has to be available in the IPv4 address list.
Optimize connection for the list of IPv4 (comma separated values).
IPv6 address to bind to. If '::' is passed, will bind to all available addresses. When using a specific address, it has to be available in the IPv6 address list.
Optimize connection for the list of IPv6 (comma separated values).
Enable or disable default mode settings.
Enable or disable default network settings.
Enable or disable default SSL/TLS setting.
Enable or disable default User Portal settings.
Enable or disable default wyse settings.
Enable or disable default security settingsd.
Enable or disable default web settings.
RAS Secure GateWay Mode
Forward requests to HTTP server.
One or multiple (separated by comma) Forwarding Gateway Servers. E.g. localhost:80, web1
Set preferred Connection Broker Automatically.
falseThe preferred Connection Broker ID.
One or multiple (separated by comma) Forwarding HTTP Servers. E.g. localhost:81, web1
Enable or disable a custom RAS Secure Gateway port. To specify a custom port, set this parameter to True and use the GatewayPort parameter to specify the port number.
A custom Gateway port number. For this port to take effect, the EnableGatewayPort parameters must be set to $True.
Whether to ignore all incoming requests except for Acme ones received on 'GatewayPort'
Enable or disable a custom RDP port. To specify a custom port number, use the RDPPort parameter.
A custom RDP port number. For this port to take effect, the EnableRDPPort parameter must be set to True.
Enable or disable the 'Broadcast RAS Secure Gateway Address' option.
Enable or disable the 'RDP UDP Data Tunneling' option.
Enable or disable the 'Device Manager Port' option.
Enable or disable the 'RDP DOS Attack Filter' option.
Enable or disable SSL on the port specified in the SSLPort parameter.
SSL port number. To enable the port, set the EnableSSL port parameter to True.
Accepted SSL Versions
Cipher Strength
Cipher string.
Enable or disable Use ciphers according to server preference.
Set Certificate Automatically.
falseThe Certificate ID. Certificate Set Priority 2. This value will be ignored if a CertificateObj is specified.
Enable or disable HSTS. To specify a custom HSTS Age, set this parameter to True and use the HSTSMaxAge parameter to specify the HSTS maximum age.
Specifies the HSTS maximum age.
Enable or disable the HSTS sub-domains.
Enable or disable the HSTS preload.
Enable or disable User Portal connectivity on the Gateway.
A custom User Portal port number.
LaunchMethod
Allow users to select a resource launch method.
Allow users to start applications in a new browser tab.
Enable or disable the 'Use Pre Windows 2000 Login Format' option.
Allow embedding of Web Client into other web pages.
Deprecated: use FileTransferMode instead. Enable or disable the 'Allow file transfer' option.
File Transfer Control modes.
Enable or disable the 'Allow Clipboard' option.
Clipboard Direction Type.
Allow cross-origin resource sharing.
Allowed domains for cross-origin resource sharing.
How long should the browser preserve the cache (in months).
Enable or disable Alternate NLB host name specified in the EnableAlternateNLBHost parameter.
Alternate NLB host name. To enable the host name, set the EnableAlternateNLBHost port parameter to True.
Enable or disable Alternate NLB on the port specified in the AlternateNLBPort parameter.
Alternate NLB port number. To enable the port, set the EnableAlternateNLBPort port parameter to True.
Enable or disable Wyse ThinOS support.
Enable or disable the warning if server certificate is not verified.
Security Mode
Specifies the Security 'MAC Allow Except' MAC addresses.
Specifies the Security 'MAC Allow Only' MAC addresses.
Set a URL for Web requests. This is the URL that will open when a user enters the IP address of the RAS Secure Gateway server in a web browser. For the URL to work, the gateway mode must be set to Normal.
Set the Web Cookie Name used by RAS.
Enable or disable the addition of the secure attribute to the cookie to the Web Cookie.
PUT /api/Gateway/{id} HTTP/1.1
Host:
Content-Type: application/json; api-version=1.0
Accept: */*
Content-Length: 2038
{
"enabled": true,
"server": "text",
"description": "text",
"publicAddress": "text",
"ipVersion": [
"0 = Version4",
"1 = Version6",
"2 = BothVersions"
],
"iPs": "text",
"bindV4Addresses": "text",
"optimizeConnectionIPv4": "text",
"bindV6Addresses": "text",
"optimizeConnectionIPv6": "text",
"inheritDefaultModeSettings": true,
"inheritDefaultNetworkSettings": true,
"inheritDefaultSslTlsSettings": true,
"inheritDefaultUserPortalSettings": true,
"inheritDefaultWyseSettings": true,
"inheritDefaultSecuritySettings": true,
"inheritDefaultWebSettings": true,
"mode": [
"0 = Normal",
"1 = Forwarding"
],
"normalModeForwarding": true,
"forwardGatewayServers": "text",
"autoPreferredBroker": false,
"preferredBrokerId": 1,
"forwardHttpServers": "text",
"enableGatewayPort": true,
"gatewayPort": 1,
"onlyAllowAcmeHttp": true,
"enableRDP": true,
"rdpPort": 1,
"broadcast": true,
"enableRDPUDP": true,
"enableDeviceManagerPort": true,
"dosPro": true,
"enableSSL": true,
"sslPort": 1,
"minSSLVersion": [
"2 = TLSv1",
"3 = TLSv1_1",
"4 = TLSv1_2",
"5 = TLSv1_3"
],
"cipherStrength": [
"0 = Low",
"1 = Medium",
"2 = High",
"3 = Custom"
],
"cipher": "text",
"cipherPreference": true,
"autoCertificate": false,
"certificateId": 1,
"enableHSTS": true,
"hstsMaxAge": 1,
"hstsIncludeSubdomains": true,
"hstsPreload": true,
"enableUserPortal": true,
"userPortalPort": 1,
"launchMethod": [
"0 = ParallelsClientAndWebClient",
"1 = ParallelsClient",
"2 = WebClient"
],
"allowLaunchMethod": true,
"allowAppsInNewTab": true,
"usePreWin2000LoginFormat": true,
"allowEmbed": true,
"fileTransferMode": [
"0 = Disabled",
"1 = ClientToServer",
"2 = ServerToClient",
"3 = Bidirectional"
],
"clipboardDirection": [
"0 = None",
"1 = ClientToServer",
"2 = ServerToClient",
"3 = Bidirectional"
],
"allowCORS": true,
"allowedDomainsForCORS": [
"text"
],
"browserCacheTimeInMonths": 1,
"enableAlternateNLBHost": true,
"alternateNLBHost": "text",
"enableAlternateNLBPort": true,
"alternateNLBPort": 1,
"enableWyseSupport": true,
"disableWyseCertWarn": true,
"securityMode": [
"0 = AllowAllExcept",
"1 = AllowOnly"
],
"macAllowExcept": [
"text"
],
"macAllowOnly": [
"text"
],
"webRequestsURL": "text",
"webCookie": "text",
"useSecureWebCookie": true
}No content
Delete a RAS Secure Gateway Server.
ID of the Gateway server to be deleted
When this parameter is included, the Gateway software will not be removed from the server. If you want to remove the software, omit this parameter. When removing the software, your RAS admin credentials will be used to remotely execute the uninstaller on the target server. You can specify different credentials if needed using the Username and Password parameters.
An administrator account name to remotely uninstall the Gateway software from the server. If this parameter is omitted, your RAS admin username (and password) will be used.
The password of the account specified in the Username parameter.
DELETE /api/Gateway/{id} HTTP/1.1
Host:
Accept: */*
No content
Was this helpful?