h) Port 10443 (SSTP Tunnel)

Under the Scope tab, modify the Remote IP Address for port 10443 to only allow connections from the MOVEit Transfer server IP address (for example, 192.168.196.237).

Contents of Gateway 2017 Plus

Page 1: ...User Guide ...

Page 2: ......

Page 3: ...Launch Gateway Configuration Interface 12 Step 4 Configure the Firewall 13 Prerequisites 13 Notes 14 Step 1 Gateway Server Firewall Rules 14 Step 2 MOVEit Transfer Server Firewall Rules 16 Step 3 Verify Firewall Rules 19 Web Farm Install 21 Upgrade 22 Step 1 Upgrade Gateway Server and Server Side SSTP Tunnel 22 Step 2 Upgrade Client Side SSTP Tunnel on a MOVEit Transfer Server 24 Endpoint and Prox...

Page 4: ......

Page 5: ...ce cards 1GB sec minimum for separate external and internal services recommended Production systems will benefit from additional resources including faster additional and multi core processors more RAM hard drive capacity and speed Supported Virtualization Environments VMware vSphere 64 bit guest servers Microsoft Hyper V 64 bit guest servers Release Notes ...

Page 6: ... On fresh installs the Ipswitch Gateway installer now prompts for the hostname of the Gateway system as viewed by end users This is needed for processing HTTPS client certificate authentication GW 741 Proxies When adding a proxy the Listen on IP Address or Hostname value is now prepopulated with 0.0.0.0 which directs the proxy to listen on all available addresses at the given port GW 726 Client Identity Client IP ...

Page 7: ...ver GW 829 SFTP Ipswitch Gateway's SFTP server has been improved so it can handle more simultaneous connection requests Previously the SFTP server could refuse connections under heavy load GW 826 Settings A minor change was made to the message displayed when the FTP passive port range was changed GW 820 Security Previously it was possible to configure a proxy on the Gateway server to contain certain HTMLta...

Page 8: ... manually starting each proxy To do this for each proxy under Actions choose Start Proxy GW 990 FTP The following specific FTP configuration on Gateway MOVEit Transfer prevents users from accessing MOVEit Transfer through Gateway using insecure FTP Allow FTP SSL Access Yes Allow Insecure FTP Access Yes SSL Client Cert Required Yes Password also required with SSL Client Cert Yes Workaround To utilize insecure FTP do n...

Page 9: ...created or approved through MOVEit Transfer Ipswitch Gateway has no such feature Thus users who have installed client certificates for applications other than MOVEit Transfer should ignore those certificates when making a selection from their browser's list of certificates GW 813 Upgrade Customers upgrading from a previous release should check that the new Host Name field is correct This field is in the Settings t...

Page 10: ...rver to the Ipswitch Gateway computer or virtual machine Ipswitch Gateway then runs as a Windows Service that provides reverse proxies and forwards only encrypted traffic to the MOVEit Transfer server over the tunnel All communications between the client and server session are encrypted and streamed through this connection Ipswitch Gateway inspects all requests and if the requests look valid forward...

Page 11: ...worker nodes The load balancing is built into the operating system and the feature is provided collectively by all worker nodes Ipswitch does not support the built in Microsoft Windows Network Load Balancer NLB in the initial release of Ipswitch Gateway Most enterprise web farm customers employ traditional load balancers from hardware vendors like Cisco and F5 The deployments below focus on this sc...

Page 12: ...t Transfer 3 Open the Ipswitch Gateway installer and click Run to run the install wizard 4 Welcome Select Step 1 Install a Gateway server outside firewall and a server side SSTP tunnel Click Next The installer looks for prerequisite software 5 System Check The installer verifies the following Operating System Version The machine must be running the Windows Server 2012R2 or Server 2016 operating sys...

Page 13: ...lready be in use by the system such as 10043 The default 9443 is a good choice for most systems Click Next 8 Options Service User Account Designate which account Ipswitch Gateway should use to run the Gateway service process Local System account Different account Enter the username and password of the different account Click Next 9 Options Certificate for the SSTP Tunnel Designate a certificate to...

Page 14: ... to Sites and then the name of your MOVEit Transfer website In most cases that is moveitdmz 3 In the right pane choose Bindings 4 In the Site Bindings dialog choose https 5 Choose Edit 6 In the Edit Site Binding dialog choose SSL Certificate View 7 In the Certificate dialog choose the Details tab 8 Choose Copy to File 9 In the Certificate Export Wizard choose Next 10 In the Export Private Key window...

Page 15: ...l or not trust and not import it I trust this certificate Import this certificate into the local trusted certificate store Automatically imports and trusts the SSTP certificate I do not trust this certificate Do not import this certificate Does not import the SSTP certificate You must import the certificate manually This option is not often used Situations where you might select this option includ...

Page 16: ...ps shown take similar steps for other browsers Note You cannot perform this step remotely You must be on the Ipswitch Gateway server to set up the first Endpoint 3 Configure Endpoint Enter information about a MOVEit Transfer server Endpoint IP Address The IP address entered here should be 192.168.1.2 which is the IP address of the MOVEit Transfer server on the tunnel connection Do NOT use the actual...

Page 17: ... for both fresh installs and upgrades If you have not yet installed this new MOVEit license you will see the message License Not Found You will be prompted to upgrade your MOVEit Transfer license and Retry Log in to the MOVEit Transfer server as sysadmin or orgadmin and click Submit After checking ciphers the Endpoint is verified The verification process will reoccur automatically whenever the syst...

Page 18: ...it Transfer directly if there is a second interface that is marked as private by Windows Note that network interfaces including the one used to connect to Gateway are created as public by default in Windows So the customer would have to go out of their way to mark the second interface if any as private Incoming connections through the tunnel are regarded as private Step 1 Gateway Server Firewall Rul...

Page 19: ...Install 15 h Port 10443 SSTP Tunnel 2 Under the Scope tab modify the Remote IP Address for port 10443 to only allow connections from the MOVEit Transfer server IP address for example 192.168.196.237 ...

Page 20: ...d for public network locations Step 2 MOVEit Transfer Server Firewall Rules 1 Modify the pre defined inbound port rules for the following ports and set them to only apply to the private network profile a MOVEit DMZ FTP b MOVEit DMZ SSH c World Wide Web Services HTTP Traffic In ...

Page 21: ...Install 17 d World Wide Web Services HTTPS Traffic In ...

Page 22: ...switch Gateway User's Guide 2 Create a new public network inbound port rule to block incoming connections for all ports 3 Verify that the firewall state is enabled for both public and private network locations ...

Page 23: ...er and try to connect to the MOVEit Transfer server IP address Note If the firewall rules have been correctly defined the connection to the MOVEit Transfer server IP address should time out Test 2 2 Open a web browser on the Gateway server and try to connect to the Gateway server IP address ...

Page 24: ...20 Ipswitch Gateway User's Guide Note If the firewall rules have been correctly defined the connection to the MOVEit Transfer server IP address should succeed ...

Page 25: ...nel If the firewall is not an external firewall but rather is an operating system based firewall like Windows Firewall that is aware of private networks then this rule should apply only to public networks Next return to Configure the Firewall on page 13 Step 3 Verify Firewall Rules Web Farm Install To install Ipswitch Gateway in a MOVEit Transfer web farm first create the MOVEit Transfer web farm as ...

Page 26: ...lect Step 1 Install a Gateway server outside firewall and a server side SSTP tunnel Click Next The installer looks for prerequisite software 6 System Check The installer verifies the following Operating System Version The machine must be running the Windows Server 2012R2 or Server 2016 operating system Routing and Remote Access Service A Windows server is required to properly configure the Rout...

Page 27: ...fault 9443 is a good choice for most systems Click Next 8 Options Service Logon Account Designate which account Ipswitch Gateway should use to run the Gateway service process Local System account Different account Enter the username and password of the different account Click Next 9 Options SSTP Tunnel Certificate Designate a certificate to use for the Secure Socket Tunnel Protocol SSTP connection A...

Page 28: ...ter s certificate store before continuing with the installation Click Next 8 Options Gateway Server Address Enter the Gateway Server Address or hostname to establish a connection Important What you enter here must be identical to what you entered for IP address or hostname in Step 1 on page 8 Options Gateway Configuration Interface System generated self signed certificate Certificate Name Click Ne...

Page 29: ...led under EAP Types The Endpoint page shows details about the MOVEit Transfer Endpoint and its associated proxies Ipswitch Gateway 1 1 supports only one Endpoint Initially only three default proxies display for the Endpoint one for each protocol type FTP HTTP and SSH SFTP A proxy listens on a port for traffic of a certain protocol type and forwards traffic of that type to the Endpoint There are usua...

Page 30: ...ete all of the Endpoint's proxies too even if they are running You cannot undo the deletion of the Endpoint If you delete the Endpoint you'll be prompted to configure and verify an Endpoint after sign in 3 Transfer Rate The average number of bytes transferred per second by all of the Endpoint's proxies upload and download for 1 minute 5 minute and 15 minute intervals Numbers are moving averages for each time period Cl...

Page 31: ...o the Endpoint only through a running proxy You must stop a proxy before editing the Endpoint or deleting a key that the proxy uses An error indicator displays for proxies that could not be restarted on reboot 10 Actions Edit Change any of the proxy settings you selected when creating the proxy such as the proxy name Listen On IP address and port Key and Send to Port Note You must stop a proxy before you can ed...

Page 32: ...ing that endpoint will automatically point to the new IP address if any MOVEit Transfer Server Changes If the MOVEit Transfer server's certificate identity changes or the MOVEit Transfer server location moves from one machine to another go to the Ipswitch Gateway computer sign in to the Gateway Configuration Interface and from the sign in page click Re verify or Delete to reconfigure that Endpoint Ad...

Page 33: ...and enter the Gateway VM's public IP address The connection port is determined by the passive port range which can be configured in the Settings on page 32 tab HTTP Listen On Port Default port is 433 If you installed MOVEit Mobile add a proxy listening on 8443 to route traffic to the Mobile Server in the trusted zone Client Cert Port This port accepts HTTPS requests from the user during client cer...

Page 34: ... the port number of the MOVEit Transfer server to which the proxy will send data The default for HTTP is 443 the default for FTP is 990 and the default for SSH SFTP is 22 6 Click Save The proxy displays beneath the Endpoint The status of newly added proxies is Stopped Click Keys and Certs to view all keys uploaded to the Ipswitch Gateway keystore Initially the Keys and Certs list is empty You...

Page 35: ...cessful import the new key displays in the Keys list Duplicate Keys warning If you uploaded the same key twice you'll see a yellow Duplicate Keys warning notifying you that the key has already been uploaded You can either upload another key file or return to the Key List Key Conflicts warning If the key you uploaded conflicts with the alias name of another key in the Ipswitch Gateway keystore you'll...

Page 36: ... a proxy On the Keys and Certs page click the boxed number to view the specific proxies using that key To delete a key click and select Delete then confirm the deletion Reset an SSH Key 1 Go to the Endpoints on page 25 page and stop the ssh sftp proxy 2 Return to the Keys and Certs on page 30 page and delete the SSH key on page 32 3 Go back to the Endpoint page and start the ssh sftp proxy to genera...

Page 37: ...pswitch Inc All rights reserved This document as well as the software described in it is furnished under license and may be used or copied only in accordance with the terms of such license Except as permitted by such license no part of this publication may be reproduced photocopied stored on a retrieval system or transmitted in any form or by any means electronic mechanical recording or otherwise wit...
