Changing Ports in Novell Access Manager 3.0.1



Some organizations do not allow any ports other than 80 and 443 to be open to the outside world. For example, some hotel guest networks only allow 80 and 443 outbound. What if your Sales VP is onsite with a customer and needs to retrieve a presentation they forgot? Do you think the customer would be nice enough to open some ports for them? Just for a little while?



  • Current Configuration - NetWare Access Gateway should be similar

  • All servers are Linux - SUSE 9 and 10

This is the scenario I used at my organization:

Figure 1 - Access Gateway configuration

Refer to Chendil Kumar's article on SSLVPN scenarios based on port 443:

Myth about TCP Port 443 and Novell Access Manager 3.0 SSLVPN


Here are the steps I followed:

1. Log in to the Administration Console (modified iManager).

Figure 2 - iManager Admin Console

2. Expand Access Manager and select Identity Servers.

Figure 3 - Selecting Identity Servers

3. On the right, click Edit.

Figure 4 - Editing Identity Servers

4. Change the port within the Base URL from the default of 8443 to 443 and click Apply.

No, it's not that easy - there are a few more steps and a couple of gotchas to watch out for. Pay close attention to this popup - gotcha #1. We'll take care of it later.

Figure 5 - Warning pop-up

5. Click OK.

Figure 6 - Identity Servers warning

6. Click Update All to complete the Identity Server changes.

7. Select Access Gateways on the left.

Figure 7 - Access Gateways

8. Click Update to update the Access Gateways.

Now that the Configuration has been updated, we need to re-import the metadata from the IDP (Identity) server to the Access Gateways. Why? When you change the config of the IDP, it "breaks" the trust relationship between the services, and we'll need to fix that. If you stop here and test connecting, you could very well get a 100101044 error.

9. Click Edit on the Access Gateway.

Figure 8 - Editing Access Gateway Servers

10. Click Reverse Proxies/Authentication.

Figure 9 - Server Configuration

11. Click the dropdown list next to Identity Server Configuration and select None.

Figure 10 - Reverse Proxy Authentication

12. Click OK and then Update on the Access Gateway AND on the Identity Server.

One habit I have developed with NAM is that whenever I change ANYTHING and apply it, I check out ALL of the services to ensure none of them are waiting for an "Update".

13. Once the Updates are complete, click Edit on the Access Gateway.

14. Click Reverse Proxies/Authentication.

15. Change the Identity Server Configuration back to your [IDP Config].

16. Click OK and then Update on the Access Gateway AND on the Identity Server.

17. To check whether the re-import update completed successfully, select the Identity Servers and click Edit.

18. Click the Liberty tab on the top and then select Trusted Providers.

Figure 11 - Trusted Providers

You should see your Access Gateway listed under Service Providers.
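
One way to confirm that the IDP metadata reflects the new port once the re-import is done. This is an added example, not code from the original article or from Novell: it scans a saved copy of the metadata for endpoint URLs that do not use the expected port. The sample XML, the hostname `idp.example.com`, the endpoint paths and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: simplified Liberty-style metadata saved after the Base URL
# change, with one endpoint still pointing at the old port 8443 (placeholder host).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:liberty:metadata:2003-08"
                  providerID="https://idp.example.com:443/nidp/idff/metadata">
  <IDPDescriptor>
    <SingleSignOnServiceURL>https://idp.example.com/nidp/idff/sso</SingleSignOnServiceURL>
    <SingleLogoutServiceURL>https://idp.example.com:8443/nidp/idff/slo</SingleLogoutServiceURL>
    <SoapEndpoint>https://idp.example.com:443/nidp/idff/soap</SoapEndpoint>
  </IDPDescriptor>
</EntityDescriptor>"""


def effective_port(url):
    """Return the port a client would connect to, or None if not an http(s) URL."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port               # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return port or DEFAULT_PORTS[parts.scheme]


def stale_endpoints(metadata_xml, expected_port=443):
    """List (tag, url, port) for every URL whose port differs from expected_port."""
    findings = []
    for elem in ET.fromstring(metadata_xml).iter():
        tag = elem.tag.split("}")[-1]   # drop the XML namespace prefix
        for value in [elem.text or ""] + list(elem.attrib.values()):
            port = effective_port(value)
            if port is not None and port != expected_port:
                findings.append((tag, value.strip(), port))
    return findings


if __name__ == "__main__":
    for tag, url, port in stale_endpoints(SAMPLE_METADATA):
        print(f"{tag}: {url} still uses port {port}")
```

An empty result means every URL in the metadata resolves to the expected port, including URLs that omit the port and rely on the HTTPS default.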


Now for the test. An outside/public connection gives the best test for this application.

1. Open a browser and enter the URL for your SSLVPN:


2. If your organization doesn't allow for ActiveX, then change the URL to

You should see the following login screen:

Figure 12 - NAM Login screen

3. Log in (depending on your Identity Store).

Figure 13 - Logging in with SSLVPN

You can edit the home page to suit your organization's needs. The file is located on the server where you installed SSLVPN, in this directory:



Novell Access Manager 3.0.1 is a bit tricky for those who are unfamiliar with protected resources and iChain. It has some much-improved features over iChain, and migrating is simpler than learning iChain was originally.

If you are a newbie to this product, may I strongly suggest the Digital Airlines examples. They give a full walkthrough of the basic setup that you could try in a lab, and they really explain the what and why of the product's setup.

You can find it here:

