Configure secure gateway communication services.
Reference → Installation → Folders | Licensing | Updates | SecureGateway | Web Server
Secure communication gateways for multi-site deployments.
TSecureGateway Executable
TSecureGateway manages communications between multiple FrameworX projects and sites, providing routing and security for distributed deployments.
Architecture Types
- 1-to-1 Communications: Direct single site connections
- 1-to-Many Communications: Multiple sites to master project
- Traffic Control: Only authorized traffic between designated points
- Site Isolation: Sites remain separate from each other
What it routes
The gateway relays FrameworX runtime traffic to a TServer designated by RemoteIP — this includes Rich Client and Smart Client sessions, remote Device channels, and database connections (the Datasets GatewayIP pattern). From 10.1.5 it also carries AI / LLM egress: a solution can route its Local AI model calls through the gateway by setting Secure Gateway IP on its Local AI configuration, so the call is handed to an egress TServer that holds the endpoint and credentials and makes the outbound request — keeping the model endpoint and API key off the control-zone runtime. See Local AI Configuration (10.1.5 draft) and Remote and Cloud LLM Models.
Installation
Basic Setup
- Run
InstallTWebGatewayService.exe - Configure
TWebGatewayService.exe.config - Service created in Windows Services
- Logs appear in Windows Event Viewer
Multi-Port Setup
- Stop service:
InstallWebGateway /uninstall - Modify configuration file
- Reinstall:
InstallWebGateway
The installer reads configuration and updates Windows routing table.
Configuration Parameters
Core Parameters
| Parameter | Description | Notes |
|---|---|---|
| LocalPort | Gateway listening port | Set 0 for Windows Auth only |
| LocalPortWA | Windows Auth port | Set 0 if not using |
| RemoteIP | TServer.exe computer IP | Runtime server location |
| RemotePort | TServer.exe port | Without Windows Auth |
| RemotePortWA | TServer.exe port with WA | Alternative to RemotePort |
| WA | Authentication mode | True = Windows Auth only |
Optional Parameters
| Parameter | Description | Usage |
|---|---|---|
| RuntimeUsersProject | Project with RuntimeUsers table | Validates client users |
| CheckRunTimeUsersWA | Validate with Windows Auth | Cannot use with RuntimeUsersProject |
| TargetCF | Compact Framework support | Windows CE deployment |
Multi-Port Configuration
Configure additional routing with ExtraCount:
xml
<add key="ExtraCount" value="3"/>
<add key="LocalPort2" value="3100"/>
<add key="RemoteIP2" value="192.168.1.100"/>
<add key="RemotePort2" value="3101"/>
<add key="LocalPort3" value="3200"/>
<add key="RemoteIP3" value="192.168.1.200"/>
<add key="RemotePort3" value="3201"/>Pattern continues for LocalPort(n), RemoteIP(n), RemotePort(n).
Service Management
Starting Service
cmd
net start TWebGatewayServiceVerification
Check Event Viewer for startup log:
First redirect :: LocalPort: 3101, RemoteIP: localhost, RemotePort: 3101
Extra Redirection Table:
Listen on ipv4: Connect to ipv4:
Address Port Address Port
0.0.0.0 3100 192.168.80.129 3100
0.0.0.0 3102 192.168.80.129 3101Monitoring
- Windows Event Viewer for logs
- Performance Monitor for traffic
- Network traces for debugging
Configuration Examples
Single Site Gateway
xml
<add key="LocalPort" value="3101"/>
<add key="RemoteIP" value="192.168.1.100"/>
<add key="RemotePort" value="3101"/>Multi-Site with Windows Auth
xml
<add key="LocalPortWA" value="3102"/>
<add key="WA" value="true"/>
<add key="ExtraCount" value="2"/>
<add key="LocalPort2" value="3200"/>
<add key="RemoteIP2" value="site1.local"/>
<add key="RemotePort2" value="3101"/>
<add key="LocalPort3" value="3300"/>
<add key="RemoteIP3" value="site2.local"/>
<add key="RemotePort3" value="3101"/>Limitations
- Windows Authentication disables multi-port functionality
- Config modifications require service restart
- Each additional port requires unique LocalPort number
- RemotePort can be same across different RemoteIPs
Troubleshooting
| Issue | Solution |
|---|---|
| Service won't start | Check Event Viewer |
| Port conflicts | Use netstat to find conflicts |
| Connection refused | Verify firewall rules |
| Authentication fails | Check WA parameter |
| Routes not working | Reinstall after config changes |
In this section...