FQDN configuration in CA Access Gateway (SPS) with Load Balancer
Article ID: 282325
Products
SITEMINDER, CA Single Sign On Secure Proxy Server (SiteMinder)
Issue/Introduction
When planning to install a CA Access Gateway (SPS) behind a Load Balancer, the following questions arise:
Trusted Host Name (under "Trusted Host Name and Configuration Object" section):
Does this parameter have to be set to the host FQDN of the Access Gateway or to the FQDN of the Load Balancer?
Server Name (under "Apache Configuration" section):
Does this parameter need to be set to the Access Gateway's host FQDN or to the Load Balancer FQDN?
Resolution
The "Trusted Host Name" can be any name; it does not have to be an FQDN. It is a name that identifies the agent connection, so its scope is limited to communication between the CA Access Gateway (SPS) Agent and the Policy Server (1).
The HCO (Host Configuration Object) works in much the same way. The HCO specifies the Policy Server IP or FQDN that the CA Access Gateway (SPS) Agent connects to.
So, here too, the HCO name can be any name.
As per the documentation, the ServerName in httpd.conf should be set to that of the Load Balancer, and the Default Virtual Host configuration in server.conf should be set to the IP of the Load Balancer (2).