How to configure CA APIM gateway as a SFTP proxy
Article ID: 113410
Updated On:
Products
STARTER PACK-7
CA Rapid App Security
CA API Gateway
Issue/Introduction
This article provide an example to use SSH2 assertions to route SFTP requests.
Environment
Release:
Component: APIGTW
Component: APIGTW
Resolution
SFTP Configuration Guide
Sftp Policy
/sftp policy will route the sftp request to the remote sftp server.When sftp client login in gateway, it should use gateway account (Figure 11.);
When gateway login sftp server, it should use the account on sftp server (Figure 5), save the sftp password in Manage Stored Passwords.
- /sftp policy
Figure 1.
<Please see attached file for image>
- Require SSH Credentials assertion (line 2)
Figure 2.
<Please see attached file for image>
- Configure Message Streaming assertion (line 4)
Figure 3.
<Please see attached file for image>
- Route via SSH2 assertion(line 5)
When gateway login sftp server, will use the account on sftp server (Figure 5), save the sftp password in Manage Stored Passwords.
Figure 4.
<Please see attached file for image>
Figure 5.
<Please see attached file for image>
Figure 6.
<Please see attached file for image>
Listen port for SFTP
Associate port 2223 with /sftp policy (Figure 1.).The Host private key can be auto generate in Manage Stored Passwords (Figure 9.)
Figure 7.
<Please see attached file for image>
Figure 8.
<Please see attached file for image>
Figure 9.
<Please see attached file for image>
Figure 10.
<Please see attached file for image>
Configure sftp client (winscp)
The username/password depend on the authentication assertion in /sftp policy line 3 (Figure 1.)The port number depends on the Listen port configuration on gateway (Figure 7.)
Figure 11.
<Please see attached file for image>
Attachments
Feedback
Yes
No
Powered by
