Endpoint and Proxies 27

6 Listen On: The IP address and port on which the proxy will listen. No other proxy can listen on that port number for that Endpoint. This value is empty initially. You must click to add a Listen On port before you can run the proxy.

   • FTP: Listen on addresses and ports display for Explicit FTP and Implicit FTP. See Add a Proxy (on page 28) for details.

   • HTTP: Listen on addresses and ports display for SSL Address, Client Cert Address, and HTTP Redirect Address. See Add a Proxy (on page 28) for details.

7 Send To: The MOVEit Transfer Endpoint address and port to which the proxy will send encrypted data.

8 Key: The key used to verify the proxy with the Endpoint certificate. This value is empty initially. You must click to select a key before you can run the proxy. See also Keys and Certs (on page 30).

9 Status: The current state of the proxy, either running or stopped. If running, running time displays.

The proxy is stopped initially. You must start it manually after adding and configuring it. Ipswitch Gateway routes external traffic to the Endpoint only through a running proxy. You must stop a proxy before editing the Endpoint or deleting a key that the proxy uses.

An error indicator displays for proxies that could not be restarted on reboot.

10 Actions

   • Edit: Change any of the proxy settings you selected when creating the proxy, such as the proxy name, Listen On IP address and port, Key, and Send to Port. Note: You must stop a proxy before you can edit it. Everything except a name change requires a computer restart.

   • Start / Stop Proxy: You can start and stop an Endpoint's proxies independently. You must start a proxy manually after adding and configuring it. Proxies restart automatically after computer restart only if they were running when the application stopped. Before a proxy starts, Ipswitch Gateway verifies that the proxy's Endpoint is configured with a valid hash, and that the certificate configured with that Endpoint still matches the certificate presented by the remote server. If a proxy is stopped unexpectedly, you may need to edit the proxy's settings to fix it.

   • Delete: If the proxy is running when you try to delete it, you'll receive a warning message.

11 Add Proxy: Select ftp, ssh/sftp or http. See Add a Proxy (on page 28) for more information.
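
The pre-start check described under Start / Stop Proxy (a valid hash on the Endpoint, and a presented certificate that still matches it), as an added example that is not Ipswitch Gateway code. It assumes the Endpoint's hash is a SHA-256 fingerprint of the DER-encoded certificate, which the guide does not state; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumption: the pinned value is the SHA-256 fingerprint of the DER-encoded
# certificate, stored as hex. The guide does not name the hash the product uses.
_HEX_SHA256 = re.compile(r"^[0-9a-f]{64}$")


def normalize_pin(pin):
    """Return the pin as 64 lowercase hex characters, or None if it is not a valid hash."""
    if not isinstance(pin, str):
        return None
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    return cleaned if _HEX_SHA256.match(cleaned) else None


def fingerprint(der_bytes):
    """SHA-256 fingerprint (hex) of a certificate's DER bytes."""
    return hashlib.sha256(der_bytes).hexdigest()


def may_start_proxy(pinned_hash, presented_der):
    """Gate a proxy start: return (ok, reason). Any failed check keeps the proxy stopped."""
    pin = normalize_pin(pinned_hash)
    if pin is None:
        return False, "endpoint has no valid pinned hash"
    if not presented_der:
        return False, "remote server presented no certificate"
    # Constant-time comparison of the stored pin and the live fingerprint.
    if not hmac.compare_digest(pin, fingerprint(presented_der)):
        return False, "presented certificate does not match pinned hash"
    return True, "ok"


# Constructed sample data: stand-in byte strings, not real certificates.
ORIGINAL_CERT = b"constructed-der-bytes-for-endpoint-cert-v1"
REPLACED_CERT = b"constructed-der-bytes-for-endpoint-cert-v2"
PINNED = fingerprint(ORIGINAL_CERT)

if __name__ == "__main__":
    cases = [
        ("unchanged certificate", PINNED, ORIGINAL_CERT),
        ("certificate replaced on server", PINNED, REPLACED_CERT),
        ("hash never configured", "", ORIGINAL_CERT),
    ]
    for label, pin, cert in cases:
        print(f"{label}: {may_start_proxy(pin, cert)}")
```

Against a live server, the DER bytes can be obtained with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))`.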

Summary of Contents for Gateway 2017 Plus

Page 1: ...User Guide ...

Page 2: ......

Page 3: ...Launch Gateway Configuration Interface 12 Step 4 Configure the Firewall 13 Pre requisites 13 Notes 14 Step 1 Gateway Server Firewall Rules 14 Step 2 MOVEit Transfer Server Firewall Rules 16 Step 3 Verify Firewall Rules 19 Web Farm Install 21 Upgrade 22 Step 1 Upgrade Gateway Server and Server Side SSTP Tunnel 22 Step 2 Upgrade Client Side SSTP Tunnel on a MOVEit Transfer Server 24 Endpoint and Prox...

Page 4: ......

Page 5: ...ce cards 1GB sec minimum for separate external and internal services recommended Production systems will benefit from additional resources including faster additional and multi core processors more RAM hard drive capacity and speed Supported Virtualization Environments VMware vSphere 64 bit guest servers Microsoft Hyper V 64 bit guest servers Release Notes ...

Page 6: ... On fresh installs the Ipswitch Gateway installer now prompts for the hostname of the Gateway system as viewed by end users This is needed for processing HTTPS client certificate authentication GW 741 Proxies When adding a proxy the Listen on IP Address or Hostname value is now prepopulated with 0.0.0.0 which directs the proxy to listen on all available addresses at the given port GW 726 Client Identity Client IP ...

Page 7: ...ver GW 829 SFTP Ipswitch Gateway's SFTP server has been improved so it can handle more simultaneous connection requests Previously the SFTP server could refuse connections under heavy load GW 826 Settings A minor change was made to the message displayed when the FTP passive port range was changed GW 820 Security Previously it was possible to configure a proxy on the Gateway server to contain certain HTML ta...

Page 8: ... manually starting each proxy To do this for each proxy under Actions choose Start Proxy GW 990 FTP The following specific FTP configuration on Gateway MOVEit Transfer prevents users from accessing MOVEit Transfer through Gateway using insecure FTP Allow FTP SSL Access Yes Allow Insecure FTP Access Yes SSL Client Cert Required Yes Password also required with SSL Client Cert Yes Workaround To utilize insecure FTP do n...

Page 9: ...created or approved through MOVEit Transfer Ipswitch Gateway has no such feature Thus users who have installed client certificates for applications other than MOVEit Transfer should ignore those certificates when making a selection from their browser's list of certificates GW 813 Upgrade Customers upgrading from a previous release should check that the new Host Name field is correct This field is in the Settings t...

Page 10: ...rver to the Ipswitch Gateway computer or virtual machine Ipswitch Gateway then runs as a Windows Service that provides reverse proxies and forwards only encrypted traffic to the MOVEit Transfer server over the tunnel All communications between the client and server session are encrypted and streamed through this connection Ipswitch Gateway inspects all requests and if the requests look valid forward...

Page 11: ...worker nodes The load balancing is built into the operating system and the feature is provided collectively by all worker nodes Ipswitch does not support the built in Microsoft Windows Network Load Balancer NLB in the initial release of Ipswitch Gateway Most enterprise web farm customers employ traditional load balancers from hardware vendors like Cisco and F5 The deployments below focus on this sc...

Page 12: ...t Transfer 3 Open the Ipswitch Gateway installer and click Run to run the install wizard 4 Welcome Select Step1 Install a Gateway server outside firewall and a server side SSTP tunnel Click Next The installer looks for prerequisite software 5 System Check The installer verifies the following Operating System Version The machine must be running the Windows Server 2012R2 or Server 2016 operating sys...

Page 13: ...lready be in use by the system such as 10043 The default 9443 is a good choice for most systems Click Next 8 Options Service User Account Designate which account Ipswitch Gateway should use to run the Gateway service process Local System account Different account Enter the username and password of the different account Click Next 9 Options Certificate for the SSTP Tunnel Designate a certificate to...

Page 14: ... to Sites and then the name of your MOVEit Transfer website In most cases that is moveitdmz 3 In the right pane choose Bindings 4 In the Site Bindings dialog choose https 5 Choose Edit 6 In the Edit Site Binding dialog choose SSL Certificate View 7 In the Certificate dialog choose the Details tab 8 Choose Copy to File 9 In the Certificate Export Wizard choose Next 10 In the Export Private Key window...

Page 15: ...l or not trust and not import it I trust this certificate Import this certificate into the local trusted certificate store Automatically imports and trusts the SSTP certificate I do not trust this certificate Do not import this certificate Does not import the SSTP certificate You must import the certificate manually This option is not often used Situations where you might select this option includ...

Page 16: ...ps shown take similar steps for other browsers Note You cannot perform this step remotely You must be on the Ipswitch Gateway server to set up the first Endpoint 3 Configure Endpoint Enter information about a MOVEit Transfer server Endpoint IP Address The IP address entered here should be 192.168.1.2 which is the IP address of the MOVEit Transfer server on the tunnel connection Do NOT use the actual...

Page 17: ... for both fresh installs and upgrades If you have not yet installed this new MOVEit license you will see the message License Not Found You will be prompted to upgrade your MOVEit Transfer license and Retry Log in to the MOVEit Transfer server as sysadmin or orgadmin and click Submit After checking ciphers the Endpoint is verified The verification process will reoccur automatically whenever the syst...

Page 18: ...it Transfer directly if there is a second interface that is marked as private by Windows Note that network interfaces including the one used to connect to Gateway are created as public by default in Windows So the customer would have to go out of their way to mark the second interface if any as private Incoming connections through the tunnel are regarded as private Step 1 Gateway Server Firewall Rul...

Page 19: ...Install 15 h Port 10443 SSTP Tunnel 2 Under the Scope tab modify the Remote IP Address for port 10443 to only allow connections from the MOVEit Transfer server IP address for example 192.168.196.237 ...

Page 20: ...d for public network locations Step 2 MOVEit Transfer Server Firewall Rules 1 Modify the pre defined inbound port rules for the following ports and set them to only apply to the private network profile a MOVEit DMZ FTP b MOVEit DMZ SSH c World Wide Web Services HTTP Traffic In ...

Page 21: ...Install 17 d World Wide Web Services HTTPS Traffic In ...

Page 22: ...switch Gateway User's Guide 2 Create a new public network inbound port rule to block incoming connections for all ports 3 Verify that the firewall state is enabled for both public and private network locations ...

Page 23: ...er and try to connect to the MOVEit Transfer server IP address Note If the firewall rules have been correctly defined the connection to the MOVEit Transfer server IP address should time out Test 2 2 Open a web browser on the Gateway server and try to connect to the Gateway server IP address ...

Page 24: ...20 Ipswitch Gateway User's Guide Note If the firewall rules have been correctly defined the connection to the MOVEit Transfer server IP address should succeed ...

Page 25: ...nel If the firewall is not an external firewall but rather is an operating system based firewall like Windows Firewall that is aware of private networks then this rule should apply only to public networks Next return to Configure the Firewall on page 13 Step 3 Verify Firewall Rules Web Farm Install To install Ipswitch Gateway in a MOVEit Transfer web farm first create the MOVEit Transfer web farm as ...

Page 26: ...lect Step1 Install a Gateway server outside firewall and a server side SSTP tunnel Click Next The installer looks for prerequisite software 6 System Check The installer verifies the following Operating System Version The machine must be running the Windows Server 2012R2 or Server 2016 operating system Routing and Remote Access Service A Windows server is required to properly configure the Rout...

Page 27: ...fault 9443 is a good choice for most systems Click Next 8 Options Service Logon Account Designate which account Ipswitch Gateway should use to run the Gateway service process Local System account Different account Enter the username and password of the different account Click Next 9 Options SSTP Tunnel Certificate Designate a certificate to use for the Secure Socket Tunnel Protocol SSTP connection A...

Page 28: ...ter s certificate store before continuing with the installation Click Next 8 Options Gateway Server Address Enter the Gateway Server Address or hostname to establish a connection Important What you enter here must be identical to what you entered for IP address or hostname in Step 1 on page 8 Options Gateway Configuration Interface System generated self signed certificate Certificate Name Click Ne...

Page 29: ...led under EAP Types The Endpoint page shows details about the MOVEit Transfer Endpoint and its associated proxies Ipswitch Gateway 1 1 supports only one Endpoint Initially only three default proxies display for the Endpoint one for each protocol type FTP HTTP and SSH SFTP A proxy listens on a port for traffic of a certain protocol type and forwards traffic of that type to the Endpoint There are usua...

Page 30: ...ete all of the Endpoint's proxies too even if they are running You cannot undo the deletion of the Endpoint If you delete the Endpoint you'll be prompted to configure and verify an Endpoint after sign in 3 Transfer Rate The average number of bytes transferred per second by all of the Endpoint's proxies upload and download for 1 minute 5 minute and 15 minute intervals Numbers are moving averages for each time period Cl...

Page 31: ...o the Endpoint only through a running proxy You must stop a proxy before editing the Endpoint or deleting a key that the proxy uses An error indicator displays for proxies that could not be restarted on reboot 10 Actions Edit Change any of the proxy settings you selected when creating the proxy such as the proxy name Listen On IP address and port Key and Send to Port Note You must stop a proxy before you can ed...

Page 32: ...ing that endpoint will automatically point to the new IP address if any MOVEit Transfer Server Changes If the MOVEit Transfer server's certificate identity changes or the MOVEit Transfer server location moves from one machine to another go to the Ipswitch Gateway computer sign in to the Gateway Configuration Interface and from the sign in page click Re verify or Delete to reconfigure that Endpoint Ad...

Page 33: ...and enter the Gateway VM s public IP address The connection port is determined by the passive port range which can be configured in the Settings on page 32 tab HTTP Listen On Port Default port is 433 If you installed MOVEit Mobile add a proxy listening on 8443 to route traffic to the Mobile Server in the trusted zone Client Cert Port This port accepts HTTPS requests from the user during client cer...

Page 34: ... the port number of the MOVEit Transfer server to which the proxy will send data The default for HTTP is 443 the default for FTP is 990 and the default for SSH SFTP is 22 6 Click Save The proxy displays beneath the Endpoint The status of newly added proxies is Stopped Click Keys and Certs to view all keys uploaded to the Ipswitch Gateway keystore Initially the Keys and Certs list will is empty You...

Page 35: ...cessful import the new key displays in the Keys list Duplicate Keys warning If you uploaded the same key twice you'll see a yellow Duplicate Keys warning notifying you that the key has already been uploaded You can either upload another key file or return to the Key List Key Conflicts warning If the key you uploaded conflicts with the alias name of another key in the Ipswitch Gateway keystore you'll...

Page 36: ... a proxy On the Keys and Certs page click the boxed number to view the specific proxies using that key To delete a key click and select Delete then confirm the deletion Reset an SSH Key 1 Go to the Endpoints on page 25 page and stop the ssh sftp proxy 2 Return to the Keys and Certs on page 30 page and delete the SSH key on page 32 3 Go back to the Endpoint page and start the ssh sftp proxy to genera...

Page 37: ...pswitch Inc All rights reserved This document as well as the software described in it is furnished under license and may be used or copied only in accordance with the terms of such license Except as permitted by such license no part of this publication may be reproduced photocopied stored on a retrieval system or transmitted in any form or by any means electronic mechanical recording or otherwise wit...