Uploading ProxySG appliance access logs over FTPS

Article ID: 165325


Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

Configuring the ProxySG / ASG to upload access logs securely to an FTPS server.

Environment

This example uses a FileZilla Server configured as an FTPS server.

The ProxySG then uploads its logs to the FileZilla FTPS server.

Resolution

Note: FileZilla is not Broadcom software, nor is it supported by Broadcom. This information is provided "as-is".

 

To upload ProxySG logs over FTPS:

  1. Install FileZilla Server. Launch the FileZilla Server interface and click Users.


  1. Click Add Users and enter a username.


  1. On General, select Password and enter a password for the created username.


  1. On Shared folders, select the created username and click Add Shared Folders. Browse to a local directory (for example, D:\).


  1. Click Set as home dir and check both Read and Write.


  1. In the FileZilla Server interface, go to Edit > Settings.


  1. From FileZilla Server Options > FTP over TLS settings, select Enable FTP over TLS support (FTPS). Click Generate new certificate.


  1. Select 2048 bit for Key size. Complete all information and save the certificate to a local directory such as D:\ftp. Make sure that the Common Name of this certificate corresponds to the IP address of the FTP server. To use a hostname or FQDN, make sure that it is resolvable by DNS from your ProxySG appliance.


  1. Click Generate certificate. The following message appears: Certificate generated successfully.


  1. In FileZilla Server Options > SSL/TLS settings, the Private key file and Certificate file fields now point to the certificate directory.


  1. Go to the certificate directory on the server (for example, D:\ftp) and locate the generated certificate, certificate.crt.


  1. Open certificate.crt using Notepad and locate the following sections:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Copy only the certificate block: everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, including both marker lines. The RSA PRIVATE KEY block is not copied.


  1. Log in to the ProxySG appliance Management Console and select Configuration > SSL > CA Certificates > CA Certificates > Import. Enter a name and paste the copied content into the CA Certificate PEM section. Click OK.



  1. Click View and verify the Subject and Issuer of the imported certificate.


  1. For SGOS 6.7 and later, add the newly imported FTPS server certificate to the browser-trusted CA Certificate List:

Select Configuration > SSL > CA Certificates > CA Certificates Lists > browser-trusted > Edit. The newly imported certificate appears on the left. Click Add >>.


  1. Select Configuration > Access Logging > Logs > Upload Client > FTP Client > Settings.


  1. Enter the FTPS server information. Sample:
Host: 10.105.13.150
Port: 21
Path:
Username: root
Change primary Password: *********
Check “Use secure connection (SSL)”
Check “Use PASV”

 

  1. Click Test upload.



  1. Verify by checking the event logs on the proxy and also the FileZilla Server logging.
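For the step that copies the certificate out of certificate.crt, the following added example (not Broadcom or FileZilla code) splits a combined PEM file and returns only the CERTIFICATE block, so the private key never reaches the clipboard, and rejects a block whose END marker was truncated. The function names and the sample data are hypothetical; the sample is built from placeholder bytes, not a real key or certificate.

```python
import base64
import hashlib
import re

# Matches one complete PEM block; captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def split_combined_pem(text):
    """Return (certificate PEM blocks, True if a private key block was present)."""
    certs, has_private_key = [], False
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("PRIVATE KEY"):
            has_private_key = True  # noted but never returned
            continue
        if label != "CERTIFICATE":
            continue
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # X.509 DER starts with an ASN.1 SEQUENCE
            raise ValueError("CERTIFICATE block does not contain DER data")
        b64 = base64.b64encode(der).decode()
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        certs.append("\n".join(
            ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]))
    if not certs:  # also hit when a marker line was cut short while copying
        raise ValueError("no complete CERTIFICATE block found")
    return certs, has_private_key


def sha256_fingerprint(cert_pem):
    """SHA-256 over the DER bytes, for comparing two copies of a certificate."""
    body = "".join(cert_pem.strip().splitlines()[1:-1])
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


def _fake_block(label, raw):
    # Constructed placeholder bytes, not a real key or certificate.
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


SAMPLE_DER = b"\x30\x82" + bytes(range(70))
SAMPLE = (_fake_block("RSA PRIVATE KEY", b"\x30" + b"constructed-key-bytes")
          + "\n" + _fake_block("CERTIFICATE", SAMPLE_DER))

if __name__ == "__main__":
    certs, has_key = split_combined_pem(SAMPLE)
    print(certs[0], "\nprivate key present in source file:", has_key)
```

To use it on the real file, pass the text of certificate.crt to split_combined_pem and paste the returned block into the CA Certificate PEM field.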
