Using DMZ Gateway as an Outbound Proxy

DMZ Gateway's primary use is as an inbound proxy. Outbound connections that originate from EFT Server Enterprise will route through normal network mechanisms to reach the destination; however, it is possible to configure EFT Server's Event Rules using the Copy/Move file to host Action to use the DMZ Gateway Enterprise as an outbound proxy.

To configure an Event Rule to use DMZ Gateway Enterprise as an outbound proxy

1. Follow the procedure in Creating Event Rules, or select the rule to which you want to add the Action. For example, create a Scheduler (Timer) Event.

2. In the right pane, in the Actions list, click Copy/Move (push) file to host.
   
   

3. In the Rule pane, click one of the undefined parameters (e.g., '%FS.PATH%').



The Offload Action Wizard appears.



4. On the Offload method box, specify a protocol type for the connection: Local (Local File or LAN), FTP (standard File Transfer Protocol), FTP SSL/TLS (AUTH TLS), FTP with SSL (Explicit encryption), FTP with SSL (Implicit encryption), SFTP using SSH2 (Secure Shell), HTTP (HyperText Transfer Protocol), HTTPS (Secure HTTP access).

5. If you chose anything but Local do the following; otherwise, skip to step 12.

1. In the Host address box, type the IP address.

2. The Port number for the selected protocol changes automatically based on the offload method. Provide a different port number, if necessary.

3. Provide the Username and Password needed to establish the connection.

6. Select the Use connected client's login credentials to authenticate check box if you want to use the local system account to authenticate.

7. If you chose SFTP:

1. In the SFTP Public Key File Path box, type the path or click the open icon to browse to and select the path.

2. In the SFTP Private Key File Path box, type the path or click the open icon to browse to and select the path.

3. In the SFTP Key Passphrase box, provide the key's passphrase.

8. If are connecting to a remote host through a SOCKS server, click SOCKS.



1. Specify the Socks Type (SOCKS4 or SOCKS5).

2. Specify the Host name and Port.

3. If you specified SOCKS5 and the server requires authentication, select the Use Authentication check box, then provide a Username and Password.

4. Click OK to return to the Offload Action Wizard.

9. Click Proxy.



10. Select the Use proxy settings below when connecting to remote host check box, click Use EFT Server's DMZ Gateway as the proxy, then click OK to close the Proxy Settings dialog box.

11. To specify transfer options and time stamps, click Advanced. The Advanced Options dialog box appears.



1. In the General transfer options area, you can provide more control over Max concurrent transfer threads, Connection timeout, Connection retry attempts, and Delay between retries. When files are being transferred with Event Rules (copy/move), if there are connection problems (e.g., the network is unavailable), the Server will attempt to establish a connection the number of times specified in Connection retry attempts. When the Server is able to re-establish the connection, it continues to transfer the file even if there are multiple interruptions.

2. Select the Validate file integrity after transfer check box to specify that the Server should double check binary files to ensure the files downloaded completely and correctly.

3. In the Data port mode box, click the drop-down list and select one of the following:

   • Auto - (selected by default) the Server initially makes connections in PASV mode. If the PASV connection fails, the Server attempts to connect in PORT mode automatically.

   • PASV - Helps avoid conflicts with security systems. PASV support is necessary for some firewalls and routers, because with PASV, the client opens the connection to an IP Address and port that the Server supplies.

   • PORT - Use PORT when connections or transfer attempts fail in PASV mode, or when you receive data socket errors. When a client connects using PORT, the Server opens a connection to an IP address and port that the client supplies. If you select Port, specify the Port range.

4. In the ASCII transfer mode area, specify the file types that can be transferred. TXT, INF, HTML, and HTM are specified by default.

5. In the Time stamps area, select one of the following:

• Select the Preserve remote time stamp for downloaded files check box to keep a downloaded file's time stamp the same on the local computer as it is on the Server.

• Select the Preserve the local time stamp for uploaded files if the Server allows MDTM check box to keep an uploaded file's time stamp the same on the Server as it is on the local computer.

6. Click OK.

12. Click Next. The Source File Path page appears.



13. In the Source path box, provide the path to the file(s) that you want to offload. (No validation is performed.) For example, type:
     /pub/usr/jsmith/file.txt or \\mydomain\common\jsmith\file.txt

14. If you want to Delete source file after it has been offloaded, select the check box.

15. Click Next. The Destination File Path page appears.



16. In the Destination path box, click the open icon  and specify the location in which to save the offloaded file. (No validation is performed.)

• You can also specify variables, such as \pub\usr\%USER.LOGIN%\%FS.FILE.NAME%.

In the Variables box, double-click the variable(s) that you want to add to the path.

17. Click Finish then click Apply to save the changes on the Server and/or add other Actions and Conditions to the Rule.

If you are copying or moving the file to another location, and the file upload is a regularly occurring event with a file of the same name, in the Offload Action wizard, add the variables %EVENT.DATESTAMP% and/or %EVENT.TIMESTAMP% to the path so that the date (YYYYMMDD) and/or time (HHMMSS) are added to the filename when it is moved/copied. Do not use %EVENT.TIME%, because the colon (e.g., 28 Aug 07 10:01:56) makes it unsuitable for file naming.

For example, in the Offload Action wizard, in the Destination path box, provide the path and variables. For example, type:

C:\Documents and Settings\Administrator\My Documents\upload/%EVENT.DATESTAMP%_%EVENT.TIMESTAMP%_%FS.FILE_NAME%

With this path and variables, when a file is uploaded to the monitored folder, the file is moved to \My Documents\upload and the date and time are prepended to the filename. For example, 20080422_101212_mydailyprogress.doc.

To create a custom authentication method for a proxy server

1. In the Advanced Proxy Settings dialog box, click Custom, then specify the login sequence in the text box using the following variables:

• %host% - sends the host name you typed in the Proxy server options dialog box.

• %user% - sends the user name you typed in the Proxy server options dialog box.

• %pass% - sends the password you typed in the Proxy server options dialog box.

• %port% - sends the port number you typed in the Proxy server options dialog box.

• %fire_pass% - sends the password you typed in the Proxy server options dialog box as authentication for the firewall.

• %fire_user% - sends the user name you typed in Proxy server options dialog box as authentication for firewall.

2. Type each variable with percent signs before and after.

3. Press ENTER to separate commands.

4. Type any other commands and variables, separating commands with a line break (press ENTER).

5. Click OK.

Contact your system administrator for the proper Host name, Port, User name, Password, and proxy type, as well as any required advanced authentication methods.