Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
0
Helpful
3
Replies

SFTP on CSS

Go to solution
gpangallo
Level 1
Level 1

‎09-02-2008 05:27 AM

Hi,

I have a doubt about the SFTP configuration on CSS. If I would like to configure the CSS in transparent mode regarding to SFTP protocol. I mean, without configuring ssl offload on CSS.

Moreover, is there a specific port that I have to configure for SFTP?

I hope I explained well. If not, I'm available for any question.

Thank you very much.

Best regards.

Giuseppe

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎09-02-2008 09:18 AM

You cannot offload SFTP on CSS but Loadbalancing SFTP as LAyer 4 traffic should be fine.

SFTP is nothing but SSH (it doesnt use seperate control & data channels like FTP or FTPS)

SFTP works on port 22, so you need to configure a specific content rule on port 22 for the

SFTP traffic, and as I said earlier since SFTP traffic comes encrypted, the content

rule should be layer 4.

For example:

content sftp

protocol tcp

port 22

vip address 192.168.1.1

add service sftpserv1

add service sftpserv2

active

HTH

Syed Iftekhar Ahmed

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎09-02-2008 09:18 AM

You cannot offload SFTP on CSS but Loadbalancing SFTP as LAyer 4 traffic should be fine.

SFTP is nothing but SSH (it doesnt use seperate control & data channels like FTP or FTPS)

SFTP works on port 22, so you need to configure a specific content rule on port 22 for the

SFTP traffic, and as I said earlier since SFTP traffic comes encrypted, the content

rule should be layer 4.

For example:

content sftp

protocol tcp

port 22

vip address 192.168.1.1

add service sftpserv1

add service sftpserv2

active

HTH

Syed Iftekhar Ahmed

0 Helpful

Go to solution
gpangallo
Level 1
Level 1
In response to Syed Iftekhar Ahmed

‎09-03-2008 01:32 AM

Hi Syed,

Thank you very much for your help. I have only a question. When I configure the content rule for this service can I use the command "application-control ftp"?

I'd appreciate your answer.

Best regards.

Giuseppe.

0 Helpful

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8
In response to gpangallo

‎09-03-2008 08:37 AM

You don't need to.

This command is use for FTP only. FTP uses two separate channels and this command ensures that CSS can read the server response and make apprpriate holes in CSS for data traffic. Its similar to inspect ftp in Firewall.

Syed Iftekhar Ahmed

0 Helpful
Customers Also Viewed These Support Documents