Uploading ProxySG appliance access logs over FTPS

book

Article ID: 170543

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Configuring the ProxySG to upload access-logs securely to a FTPS Server.

Environment

This example will use a FileZilla Server and it will be configured to be a FTPS server.

ProxySG will then upload logs to the Filezilla FTPS Server.

Resolution

 

To upload ProxySG logs over FTPS:

  1. Install FileZilla Server edition. Launch FileZilla server interface and click Users.

User-added image

  1. Click Add Users and enter a username.

User-added image

  1. On General, select Password and enter password for the created username.

User-added image

  1. On Shared folders, select the created username and click Add Shared Folders. Browse to a local directory (for example, D:\).

User-added image

  1. Click Set as home dir and check both Read, Write.

User-added image

  1. On FileZilla server interface, go to Edit > Settings.

User-added image

  1. From FileZilla Server Options > FTP over TLS settings, select Enable FTP over TLS support (FTPS). Click Generate new certificate.

User-added image

  1. Select 1024 or 2048 bit for Key size. Complete all information and save the certificate to a local directory such as D:\ftp. Make sure that the Common Name of this certificate corresponds to the IP address of the FTP server. To use a hostname or FQDN, make sure that it is resolvable by DNS from your ProxySG appliance.

User-added image

  1. Click Generate certificate, which prompts a message: Certificate generated successfully.

User-added image

  1. From FileZilla Server Options > SSL/TLS settings, the Private key file and Certificate file are navigated to certificate directory.

User-added image

  1. Access to certificate directory on server (for example, D:\ftp). Locate the generated certificate certificate.crt.

User-added image

  1. Open certificate.crt using Notepad and locate the following sections:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE----

 

Copy everything from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.

 User-added image

  1. Log in to the ProxySG appliance Management Console and select Configuration > SSL > CA Certificates > CA Certificates > Import. Enter a name and paste the content into CA Certificate PEM section. Click OK.


User-added image

  1. Click View and verify the Subject and Issuer of the imported certificate.

User-added image

  1. For SGOS 5.4 and later, add the newly added FTPS Server Certificate into the browser-trusted CA Certificates Lists:

Configuration > SSL > CA Certificates > CA Certificates Lists > browser-trusted > Edit; the newly added Cert is on the left. Click Add >>.
 

User-added image

User-added image

  1. Select Configuration > Access Logging > Logs > Upload Client > FTP Client > Settings.

User-added image

  1. Enter the FTPS server information. Sample:
Host: 10.105.13.150
Port: 21
Path: Username: root
Change primary Password: *********
Check “Use secure connection (SSL)”
Check “Use PASV”

 

  1. Click Test upload.


User-added image

  1. Verify by checking the event logs on the proxy and also the FileZilla Server logging.

User-added image

User-added image

Attachments