How to configure CA APIM gateway as a SFTP proxy

Document ID : KB000113410
Last Modified Date : 12/09/2018
Introduction:
This article provides an example of using SSH2 assertions to route SFTP requests.
Instructions:
SFTP Configuration Guide
 
 

SFTP Policy

The /sftp policy routes the SFTP request to the remote SFTP server.
When the SFTP client logs in to the gateway, it should use a gateway account (Figure 11).
When the gateway logs in to the SFTP server, it should use the account on the SFTP server (Figure 5); save the SFTP password in Manage Stored Passwords.
  1. /sftp policy

Figure 1.

  2. Require SSH Credentials assertion (line 2)

Figure 2.

  3. Configure Message Streaming assertion (line 4)

Figure 3.

  4. Route via SSH2 assertion (line 5)
When the SFTP client logs in to the gateway, it uses a gateway account (Figure 11).
When the gateway logs in to the SFTP server, it uses the account on the SFTP server (Figure 5); save the SFTP password in Manage Stored Passwords.

Figure 4.


Figure 5.


Figure 6.

 
 

Listen port for SFTP

Associate port 2223 with the /sftp policy (Figure 1).
The host private key can be auto-generated in Manage Stored Passwords (Figure 9).

Figure 7.


Figure 8.


Figure 9.


Figure 10.

 

Configure SFTP client (WinSCP)

The username and password depend on the authentication assertion in the /sftp policy, line 3 (Figure 1).
The port number depends on the listen port configuration on the gateway (Figure 7).

Figure 11.

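
Added example, not part of the original article or of the product: clients connect to the gateway on port 2223, so the host key they should pin is the one configured for the gateway listener (Figure 9). For clients that use an OpenSSH-style known_hosts file, the sketch below checks that an entry exists for the gateway's non-default port and that its SHA256 fingerprint matches a pinned value. The host name gateway.example.com, the function names and the sample key are constructed for illustration, and unhashed known_hosts entries are assumed.

```python
import base64
import hashlib

GATEWAY = "gateway.example.com"  # assumption: placeholder gateway host name
PORT = 2223                      # SFTP listen port used in this article


def fingerprint(key_type, key_b64):
    """Return the OpenSSH-style SHA256 fingerprint of a public key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    n = int.from_bytes(blob[:4], "big")
    # The blob starts with its own length-prefixed algorithm name; it must
    # agree with the key type written in the known_hosts line.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def gateway_key_is_pinned(known_hosts_text, host, port, pinned_fp):
    """True only if an entry for host:port exists and matches pinned_fp."""
    # known_hosts writes non-default ports as [host]:port
    wanted = host if port == 22 else f"[{host}]:{port}"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @marker lines
        if wanted not in fields[0].split(","):
            continue
        try:
            if fingerprint(fields[1], fields[2]) == pinned_fp:
                return True
        except ValueError:
            continue  # a malformed entry never counts as a match
    return False


def make_sample_key(seed):
    """Constructed ed25519-shaped public key blob for the demo, not a real key."""
    name = b"ssh-ed25519"
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + bytes([seed]) * 32
    return base64.b64encode(blob).decode()


if __name__ == "__main__":
    key = make_sample_key(1)
    pinned = fingerprint("ssh-ed25519", key)
    hosts = f"[{GATEWAY}]:{PORT} ssh-ed25519 {key}\n"
    print(pinned, gateway_key_is_pinned(hosts, GATEWAY, PORT, pinned))
```

An entry recorded for the same host on port 22 does not satisfy the check, which catches a client that pinned the backend server's key rather than the gateway listener's.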
 
File Attachments:
sftp_proxy_example.xml