SFTP on CSS

Answered Question
Sep 2nd, 2008

Hi,


I have a doubt about the SFTP configuration on CSS. I would like to configure the CSS in transparent mode with regard to the SFTP protocol, I mean, without configuring SSL offload on the CSS.

Moreover, is there a specific port that I have to configure for SFTP?


I hope I explained well. If not, I'm available for any question.


Thank you very much.


Best regards.


Giuseppe

Correct Answer
Syed Iftekhar Ahmed Tue, 09/02/2008 - 09:18

You cannot offload SFTP on CSS, but load balancing SFTP as Layer 4 traffic should be fine.

SFTP is nothing but SSH (it doesn't use separate control & data channels like FTP or FTPS).

SFTP works on port 22, so you need to configure a specific content rule on port 22 for the SFTP traffic, and as I said earlier, since SFTP traffic comes encrypted, the content rule should be layer 4.


For example:


content sftp
  protocol tcp
  port 22
  vip address 192.168.1.1
  add service sftpserv1
  add service sftpserv2
  active


HTH

Syed Iftekhar Ahmed

gpangallo Wed, 09/03/2008 - 01:32

Hi Syed,


Thank you very much for your help. I have only one question. When I configure the content rule for this service, can I use the command "application-control ftp"?


I'd appreciate your answer.


Best regards.


Giuseppe.

Syed Iftekhar Ahmed Wed, 09/03/2008 - 08:37

You don't need to.

This command is used for FTP only. FTP uses two separate channels, and this command ensures that CSS can read the server response and make appropriate holes in CSS for data traffic. It's similar to inspect ftp in Firewall.


Syed Iftekhar Ahmed
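
The distinction drawn in this thread (SFTP is SSH on a single TCP connection, while FTP opens with its own greeting and needs a separate data channel) shows up in the first cleartext line a server sends. The following is an added example, not part of the original posts and not Cisco code: a Python check an operator could run against each real server behind the port 22 rule. The names `classify_banner` and `probe` and the sample greetings are constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2 identification line: SSH-protoversion-softwareversion [SP comments]
SSH_ID = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x7e]+)(?: (.*))?$")
FTP_READY = re.compile(rb"^220[ -]")  # RFC 959 "service ready" greeting


def classify_banner(data: bytes) -> dict:
    """Classify the cleartext bytes a server sends right after the TCP handshake."""
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            m = SSH_ID.match(line)
            if not m or len(line) + 2 > 255:  # the 255-byte limit counts the CR LF
                return {"kind": "malformed-ssh"}
            proto = m.group(1).decode()
            # 1.99 advertises SSH-2 with SSH-1 compatibility
            return {"kind": "ssh", "proto": proto, "ssh2": proto in ("2.0", "1.99"),
                    "software": m.group(2).decode()}
        if FTP_READY.match(line):
            return {"kind": "ftp"}  # FTP / explicit FTPS: separate data channel
        # Anything else is skipped: a server may send text lines before "SSH-".
    return {"kind": "unknown"}


def probe(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Connect to one real server (or the VIP) and classify its greeting."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            while len(data) < 4096:
                chunk = sock.recv(256)
                if not chunk:
                    break
                data += chunk
                result = classify_banner(data[: data.rfind(b"\n") + 1])  # whole lines only
                if result["kind"] != "unknown":
                    return result
        except socket.timeout:
            pass  # server is waiting for the client to speak first
    return classify_banner(data[: data.rfind(b"\n") + 1])


if __name__ == "__main__":
    # Constructed sample greetings, not captured from real hosts.
    for sample in (b"SSH-2.0-ExampleSSH_1.0 demo\r\n", b"220 ftp.example.test ready\r\n"):
        print(sample, "->", classify_banner(sample))
```

A result of `ssh` from every real server means the Layer 4 rule only has to forward one TCP connection per session; a result of `ftp` means the server is speaking FTP or explicit FTPS rather than SFTP.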


