This thread is dedicated to questions and comments related to the PGSQL/PGSQL64 - PostgreSQL Database Appliance.
The PGSQL/PGSQL64 appliance data sheet can be found at:
AppLogic 2.4.x: http://doc.3tera.net/AppLogic24/CatDatabaseAppliancesPGSQL.html
AppLogic 2.7.x: http://doc.3tera.net/AppLogic27/CatDatabaseAppliancesPGSQL.html (page will be published concurrently with 2.7 release)

For database administration tasks, we do need to connect to our production database from the pgAdmin desktop tool over the internet. We would like to do this securely, which probably means protected by SSL encryption. For our internal connections from the Tomcat servers, this isn't necessary or desirable.

To require SSL connections, the client machine IP address range is specified in a postgresql.conf setting similar to one of the following:

hostssl all all IP-address IP-mask password
hostssl all all CIDR-address password

My problem is all clients seem to have the IP address of the IN appliance used as the gateway. I can't get to the actual client IP, since IN isn't really a router. I also can't set up 2 IN appliances (internal and external), since they have 10.80.X.X IP addresses that probably aren't stable.

By using 0.0.0.0/0 as the CIDR-address, I believe that all connections would require SSL negotiation. I'd prefer using SSL only for external connections.

David,

The AppLogic approach here would be to replace IN with VPN (http://doc.3tera.com/AppLogic27/CatGatewayVpn.html), which provides several ways of secured access to an application, so you can leave PGSQL the way it is and offload the encryption to VPN.

Regards,
Pavel