search cancel

How to configure CA APIM gateway as a SFTP proxy

book

Article ID: 113410

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

This article provide an example to use SSH2 assertions to route SFTP requests.

Environment

Release:
Component: APIGTW

Resolution

SFTP Configuration Guide
 
 

Sftp Policy

/sftp policy will route the sftp request to the remote sftp server.
When sftp client login in gateway, it should use gateway account (Figure 11.);
When gateway login sftp server, it should use the account on sftp server (Figure 5), save the sftp password in Manage Stored Passwords.
  1. /sftp policy

Figure 1.

<Please see attached file for image>

User-added image
  1. Require SSH Credentials assertion (line 2)

Figure 2.

<Please see attached file for image>

User-added image
  1. Configure Message Streaming assertion (line 4)

Figure 3.

<Please see attached file for image>

User-added image
  1. Route via SSH2 assertion(line 5)
When sftp client login in gateway, it will use gateway account (Figure 11.);
When gateway login sftp server, will use the account on sftp server (Figure 5), save the sftp password in Manage Stored Passwords.

Figure 4.

<Please see attached file for image>

User-added image

Figure 5.

<Please see attached file for image>

User-added image

Figure 6.

<Please see attached file for image>

User-added image
 
 

Listen port for SFTP

Associate port 2223 with /sftp policy (Figure 1.).
The Host private key can be auto generate in Manage Stored Passwords (Figure 9.)

Figure 7.

<Please see attached file for image>

User-added image

Figure 8.

<Please see attached file for image>

User-added image

Figure 9.

<Please see attached file for image>

User-added image

Figure 10.

<Please see attached file for image>

User-added image
 

Configure sftp client (winscp)

The username/password depend on the authentication assertion in /sftp policy line 3 (Figure 1.)
The port number depends on the Listen port configuration on gateway (Figure 7.)

Figure 11.

<Please see attached file for image>

User-added image
 

Attachments

1558695924835000113410_sktwi1f5rjvs16icc.jpeg get_app
1558695923170000113410_sktwi1f5rjvs16icb.jpeg get_app
1558695921550000113410_sktwi1f5rjvs16ica.jpeg get_app
1558695919791000113410_sktwi1f5rjvs16ic9.jpeg get_app
1558695918128000113410_sktwi1f5rjvs16ic8.jpeg get_app
1558695916262000113410_sktwi1f5rjvs16ic7.jpeg get_app
1558695914520000113410_sktwi1f5rjvs16ic6.jpeg get_app
1558695912587000113410_sktwi1f5rjvs16ic5.jpeg get_app
1558695910616000113410_sktwi1f5rjvs16ic4.jpeg get_app
1558695908614000113410_sktwi1f5rjvs16ic3.jpeg get_app
1558695906713000113410_sktwi1f5rjvs16ic2.jpeg get_app
1558536793962sftp_proxy_example.xml get_app