Table of Contents
Introduction to GlobalSCAPE DMZ Gateway
How Does it Work?
Technical Details
DMZ Gateway Initialization and Connection Diagrams
What's New in DMZ Gateway
Installing DMZ Gateway
System Requirements for DMZ Gateway v3
DMZ Gateway User Guide
Managing the DMZ Gateway Server Service
Viewing Statistics
Peer Notification Channels
Client Listeners
Statistics
DMZ Gateway Logging
DMZ Gateway Communications Activity Logging
DMZ Gateway Server Diagnostics Logging
Introduction to GlobalSCAPE DMZ Gateway
GlobalSCAPE DMZ Gateway is designed to reside in the demilitarized zone and provide secure communication with a server behind intranet firewalls without requiring any inbound firewall holes between the internal network and the DMZ, and with no sensitive data stored in the DMZ, even temporarily.
Technical Details
The DMZ Gateway routes all client data to the server over the server-initiated socket without any translation or modification to the packet’s payload. Thus, if the client is using HTTPS, then HTTPS traffic goes over that streaming connection. Unlike a network hardware bridge/router device, the DMZ Gateway does not "pass through"...
DMZ Gateway Initialization and Connection Diagrams
The diagrams below illustrate the initialization and connection sequences for DMZ Gateway and EFT Server communication.
What's New in DMZ Gateway
DMZ Gateway was completely rebuilt for version 3. DMZ Gateway can now be installed not only on Windows, but also on RedHat, SuSE Linux, and Solaris, on 32-Bit or 64-Bit operating systems. (For a list of supported operating systems, refer to System Requirements for DMZ Gateway.)
Uninstalling DMZ Gateway
System Requirements for DMZ Gateway v3
The GlobalSCAPE Quality Assurance team tests our products with a variety of operating systems, software, and hardware. It is possible for DMZ Gateway to function with other operating systems, software, and hardware, but it is only tested and approved for use with the following: ...
DMZ Gateway and the connecting server must be installed on separate computers. For details of installing DMZ Gateway in a cluster configuration, refer to http://help.globalscape.com/help/guides/InstallingDMZGatewayInCluster.pdf. If a previous product version is installed, the installer prompts you to uninstall the previous version before installing the new version.
Installing DMZ Gateway
5. If an existing installation is detected, refer to Upgrading or Repairing DMZ Gateway. Otherwise, the Choose Installation Location page appears.
6. The Destination Folder box displays the default location. Keep the default displayed in the box or click Browse to specify a different location.
A shortcut to open the DMZ Gateway interface will be installed on the Start menu in a folder called GlobalSCAPE. You can keep this default location or specify a different location in which to install the shortcut.
The Start the Administration Interface, Create a desktop shortcut, and Start the DMZ Gateway Server service check boxes are selected by default. Select the Show version history check box if you want to read the release notes. (You can also access the release notes in the installation folder.)
11.
Installing DMZ Gateway on RedHat or SuSE Linux 32-Bit or 64-Bit
To install DMZ Gateway
1. Transfer the DMZ Gateway Linux x86 installer archive to a convenient directory on the target machine.
2. On the target machine, open a terminal window. The installation package must be run with root privileges.
If you start the service, you can execute the DMZ Gateway Administration interface script (e.g., type: /opt/dmzgateway/bin/DMZGatewayAdmin). Refer to the example below for details of the installation process.
Solaris x86 32-Bit or 64-Bit
To install DMZ Gateway
1.
Executing: /etc/init.d/dmzgatewayd start -n
Starting DMZ Gateway Server...
== Installation Complete ==
The GlobalSCAPE, Inc. DMZ Gateway is now installed.
The DMZ Gateway Server daemon service may be controlled using the "dmzgatewayd" script:
/opt/dmzgateway/bin/dmzgatewayd
The DMZ Gateway Administration Interface may be started using the script:...
Activating DMZ Gateway
DMZ Gateway licensing is activated in the connecting server, not DMZ Gateway, which accepts connections from any licensed server. For example, a Single-Site license enables one EFT Server Site or a Mail Express Server to connect to any available DMZ Gateway. A Multi-Site license enables one or more Sites from EFT Server Enterprise to connect to any available DMZ Gateway.
Ubuntu Linux
After creation of the /etc/init.d/dmzgatewayd symbolic link, the update-rc.d command can be used to register and deregister the script for system startup/shutdown.
To register the script
The following command may be used as root:
update-rc.d dmzgatewayd defaults
To deregister the script ...
3. Launch the installer. The installer will detect an existing installation. After accepting the End-User License Agreement the following dialog box appears:
Click one of the following, then click Next:
Keep existing configuration and uninstall the older version
Use a default configuration and uninstall the older version
...
4. Click Upgrade DMZ Gateway, then click Upgrade.
5. Follow the prompts to finish the upgrade. Refer to Installing DMZ Gateway, if necessary.
To reinstall DMZ Gateway 3.x on Windows systems
1. Close the Administration interface.
2.
RedHat Enterprise Linux, SuSE Linux, or Solaris x86 32-Bit or 64-Bit
You can uninstall DMZ Gateway using the Uninstall.sh script located in the <InstallDir>/bin directory.
To uninstall DMZ Gateway
1. On the target machine, open a terminal window. The uninstall script must be run with root privileges.
Executing: /etc/init.d/dmzgatewayd stop
Stopping DMZ Gateway Server...
Stopped DMZ Gateway Server.
== Deregister Service ==
The installation script can attempt to deregister the DMZ Gateway Server daemon service (dmzgatewayd) from automatic startup and shutdown.
Deregister the DMZ Gateway Server daemon service? [yes or no]: yes [ENTER]
Removing /etc/init.d/dmzgatewayd symbolic link...
Administering DMZ Gateway
The topics in this section provide instructions for administering DMZ Gateway.
DMZ Gateway Components
DMZ Gateway System Files
The DMZ Gateway Administration Interface
Starting and Stopping the DMZ Gateway Server Service
Specifying the Listening IP Addresses
...
Controlling the Server Service/Daemon
DMZ Gateway System Files
The following file names can be observed when running DMZ Gateway:
On Windows Systems:
In the Windows Services dialog box: DMZ Gateway Server is the DMZ Gateway service.
In the default view, with All Profiles selected, the right pane displays the status of the DMZ Gateway service and the status of the Profile selected in the tree. When a Profile is selected, the right pane displays configuration information in addition to status. ...
In the DMZ Gateway administration interface, you can start and stop the service from the Server menu or using the toolbar controls.
Specifying the Listening IP Addresses
For each DMZ Gateway Profile, you specify 2 IP addresses:
1.
Now, if Site 2 should disconnect for some reason (perhaps it was deleted), IP 2:21 is now considered available. The DMZ Gateway will detect this and update the communications listeners so that Profile 1 will listen for client connections on IP 1:21, IP 2:21, and IP 3:21. Refer to Creating a Profile Editing a Profile...
4. In the Listening IP for incoming Clients box, click the down arrow to select an IP address or All Available. (Only the IP addresses defined on this computer appear in this box.)
5. In the Listening IP for Server box, click the down arrow to select an IP address or All Available. (Only the IP addresses defined on this computer appear in this box.) (All Available means that DMZ Gateway will listen on the IP address/port combination ONLY IF that IP address/port combination is not already being used by another Profile.
For example, if you want to allow only 192.168.174.159 and block every other IP address, click Denied access, click Add, then type 192.168.174.159 in the IP Mask box. This will deny access to all IP addresses except 192.168.174.159.
9.
Editing a Profile
When you create a new Profile, you define the listening IP address for remote connecting clients, the listening IP address and port for the server inside your network, and any IP address exceptions. After the Profile is created, you can edit the Profile's configuration as necessary.
Specify the IP addresses or IP mask of servers that are allowed or denied access.
6. In the toolbar, click Apply Changes. If the IP address and port pair are not unique, an error message appears; otherwise, the DMZ Gateway will allow the server to connect. If you have made multiple edits, you can revert to the last-saved state by clicking Revert Changes (undo) before clicking Apply Changes.
4. To configure exceptions, click Granted access or Denied access. If most IP addresses are allowed access, click Granted access, then add the exceptions (IP addresses that are not allowed access). If most IP addresses are denied access, click Denied access, then add the exceptions (IP addresses that are allowed access).
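The Granted access / Denied access exception logic described above, modelled as an added example that is not GlobalSCAPE's code, so an access list can be checked before it is applied. It assumes exceptions are written as single addresses or CIDR networks (the product's own IP Mask syntax is not shown in this guide excerpt); the function names, Profile names, and the 256-address review threshold are hypothetical.

```python
import ipaddress


def peer_allowed(peer_ip, default, exceptions):
    """Decide whether a peer server address may connect to a Profile.

    default    -- "granted": most addresses allowed, exceptions are denied
                  "denied":  most addresses denied, exceptions are allowed
    exceptions -- addresses or CIDR networks (assumed notation, see lead-in)
    """
    if default not in ("granted", "denied"):
        raise ValueError("default must be 'granted' or 'denied'")
    addr = ipaddress.ip_address(peer_ip)
    is_exception = any(
        addr in ipaddress.ip_network(entry, strict=False) for entry in exceptions
    )
    # A listed exception always gets the opposite of the default policy.
    return is_exception != (default == "granted")


def audit_profiles(profiles, max_allowed=256):
    """Return (profile, reason) pairs for access lists that deserve review."""
    findings = []
    for name, (default, exceptions) in profiles.items():
        if default == "granted" and not exceptions:
            findings.append((name, "any address may connect as a peer server"))
        if default == "denied":
            for entry in exceptions:
                net = ipaddress.ip_network(entry, strict=False)
                if net.num_addresses > max_allowed:
                    findings.append((name, f"allowed range {net} is very wide"))
    return findings


# Constructed sample data; only 192.168.174.159 comes from the guide's example.
PROFILES = {
    "Profile 1": ("denied", ["192.168.174.159"]),
    "Profile 2": ("granted", []),
    "Profile 3": ("denied", ["10.0.0.0/8"]),
}

if __name__ == "__main__":
    for name, (default, exceptions) in PROFILES.items():
        for ip in ("192.168.174.159", "192.168.174.160"):
            verdict = "allow" if peer_allowed(ip, default, exceptions) else "deny"
            print(f"{name}: {ip} -> {verdict}")
    for name, reason in audit_profiles(PROFILES):
        print(f"REVIEW {name}: {reason}")
```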
Profile or All Profiles. If All Profiles is selected, a Profile column displays the name of the applicable Profile. (For more about Peer Notification, refer to Introduction to GlobalSCAPE DMZ Gateway.) The following icons provide an indication of status: ...
The following icons provide an indication of status:
Listening
Inactive
Warning
Error
The following columns displayed on the tab can be sorted by clicking the column header:
PNC Address - IP address on which connecting clients connect to DMZ Gateway
...
All logging functionality in DMZ Gateway comes preconfigured with the optimal settings. The information below is provided to help you understand what is in the logs. When necessary, modifying the configuration for the logging functionality should only be performed with the aid of GlobalSCAPE Customer Support.
status – The status of the message where a value of 0 indicates a failure or error and a value of 1 indicates success.
rs-ip – The remote server IP Address and Port number. This represents the peer server connected to the Peer Notification Channel.
The statistical data includes the following fields:
Timestamp – the date and time the row was generated
Profile – the Profile to which the row of statistical data pertains
Server – the Peer Server (e.g. EFT Server) to which the row of statistical data pertains
...
On Solaris systems, it may be necessary to configure the syslog daemon to include logging of the LOG_USER facility. Typically, you can edit the /etc/syslog.conf file as root and add a line such as:
user.info /var/admin/message
Replace <tab>...
Communicating with EFT Server or Mail Express Server
The topics in this section provide details of communication between DMZ Gateway and EFT Server or Mail Express Server.
DMZ Gateway in EFT Server
DMZ Gateway in Mail Express
Routing AS2 Traffic through DMZ Gateway
...
4. Select the Enable the DMZ Gateway as a proxy check box.
5. In the DMZ Gateway address box, specify the IP address of the DMZ Gateway to which you are connecting.
6. In the Port box, specify the port number over which EFT Server is to connect to DMZ Gateway. The default port is 44500.
If EFT Server cannot connect to DMZ Gateway, ensure that the EFT Server computer can connect to the DMZ Gateway computer by pinging it. Verify that the DMZ Gateway firewall is not blocking incoming connections.
10.
DMZ Gateway events are logged in the Mail Express Event log. Before you can use DMZ Gateway with Mail Express Server, you have to provide Mail Express with the DMZ Gateway connection information.
To configure the DMZ Gateway information
1.
If the connection to DMZ Gateway was lost (e.g., due to network errors), you can click Reconnect or wait 30 seconds for the Mail Express Server to automatically try to reconnect.
Routing AS2 Traffic through DMZ Gateway
Using the DMZ Gateway as proxy is available only in EFT Server Enterprise.
4. On the Offload method box, specify a protocol type for the connection: Local (Local File or LAN), FTP (standard File Transfer Protocol), FTP SSL/TLS (AUTH TLS), FTP with SSL (Explicit encryption), FTP with SSL (Implicit encryption), SFTP using SSH2 (Secure Shell), HTTP (HyperText Transfer Protocol), HTTPS (Secure HTTP access).
a. Specify the Socks Type (SOCKS4 or SOCKS5).
b. Specify the Host name and Port.
c. If you specified SOCKS5 and the server requires authentication, select the Use Authentication check box, then provide a Username and Password.
d.
a. In the General transfer options area, you can provide more control over Max concurrent transfer threads, Connection timeout, Connection retry attempts, and Delay between retries. When files are being transferred with Event Rules (copy/move), if there are connection problems (e.g., the network is unavailable), the Server will attempt to establish a connection the number of times specified in Connection retry attempts.
12. Click Next. The Source File Path page appears.
13. In the Source path box, provide the path to the file(s) that you want to offload. (No validation is performed.) For example, type: /pub/usr/jsmith/file.txt or \\mydomain\common\jsmith\file.txt
14.
16. In the Destination path box, click the open icon and specify the location in which to save the offloaded file. (No validation is performed.) You can also specify variables, such as \pub\usr\%USER.LOGIN%\%FS.FILE.NAME%. In the Variables box, double-click the variable(s) that you want to add to the path.
17.
%user% - sends the user name you typed in the Proxy server options dialog box.
%pass% - sends the password you typed in the Proxy server options dialog box.
%port% - sends the port number you typed in the Proxy server options dialog box.
Troubleshooting DMZ Gateway Communication
There are a variety of configurations that can prevent the server and DMZ Gateway from communicating. For example, if the DMZ Gateway computer's firewall is blocking connections, the server will not be able to connect to DMZ Gateway.
Interface Reference
The topics in this section describe the dialog boxes in DMZ Gateway that have Help buttons and provide a list of frequently used commands.
IP Address Mask Dialog Box
New Profile Wizard--Profile name
New Profile Wizard--Peer Server Access
...
In the Profile Name box, provide a unique name for this Profile. The name will appear in the interface, logs, error messages, and reports.
New Profile Wizard--Peer Server Access
Use the Peer Server Access page to specify the IP addresses or IP masks of peer servers who are allowed or denied access to DMZ Gateway.
Frequently Used Commands (non-Windows)
The table below describes several commands that you use to administer DMZ Gateway on non-Windows platforms. The commands are described in the applicable procedures in more detail; this table is provided only as a quick reference.
Purpose Platform Command example (your file and path names may differ)
Install...