Gateway Settings

The following table describes the MFT Enterprise Gateway settings.

Parameter

Description

Domain Name

Defines the MFT Enterprise File Exchange website domain name that is accessed by external users.

http(s)://<domain_name>:<HTTP_port>

Log Level

Determines one of the following log levels for the Gateway:

  • ERROR

  • WARN

  • INFO

  • DEBUG

  • TRACE

HTTP Port

Determines the HTTP or HTTPS port number for the MFT Enterprise File Exchange.

  • If you change this parameter in Gateway Settings, you must change it in the proxyConfig.properties file in the Gateway and restart the Gateway.

  • If you set the port below 1024, which is a privileged port (well-known ports), the MFT Gateway must be executed as root user.

SFTP Settings

See SFTP Settings

FTP/S Settings

See FTP/S Settings

AS2 Settings

See AS2 Settings

IP Filtering

See IP Filtering

Changing the Control-M MFT Gateway PasswordLink copied to clipboard

This procedure describes how to change the Control-M MFT password.

Begin

  1. Log into the computer where the Control-M MFT Gateway is installed.

  2. Navigate to the following directory:

    mft_proxy/data/proxyConfig.properties

  3. Change the value of the gateway.password parameter to the new password preceded with PLAIN:, as follows.

    PLAIN:myPassword

  4. Restart the Control-M MFT Gateway, by running the following commands:

    1. shut-mft-proxy.sh

    2. start-mft-proxy.sh

IP Filtering Link copied to clipboard

IP Filtering enables you to allow or deny specific IPs from transferring files to and from your organization, which provides you control to prevent attacks from unauthorized sources.

The following table describes the IP Filtering settings.

Parameter

Description

Enable IP Filtering

Determines whether IP Filtering is enabled in Control-M MFT Enterprise.

Allow List File Path

Defines a path to the csv file, which lists the IPs or IP range that are allowed to access Control-M MFT Enterprise.

Each record in the csv must accept either an IPv4 address or a range (from IP - to IP). A comment field for each record is optional.

Format:

  • <comment>,<IP>

  • <comment>,<From IP>-<To IP>

  • <comment>,<IP>, <IP>, <From IP>-<To IP>

Default: ${cm.home}/data/ip_allowed.csv

In a High Availability environment, the csv file must be in a network location where all Hubs have access.

Deny List File Path

Defines a path to the csv file, which lists the IPs or IP range that are denied access to Control-M MFT Enterprise.

Each record in the csv must accept either an IPv4 address or a range (from IP - to IP). A comment field for each record is optional.

Format:

<comment>,<IP>

<comment>,<From IP>,<To IP>

Default: ${cm.home}/data/ip_blocked.csv

In a High Availability environment, the csv file must be in a network location where all Hubs have access.

Automatically Block IP due to Repeated Failed Logins

Determines whether to automatically block an IP due to failed login attempts according the parameters below.

Failed Login Attempts

Determines the number of failed login attempts before the IP is blocked.

Valid values: 5-20

Default: 10

In a High Availability environment, the attempts are counted separately on each Hub, so the number of allowed attempts can reach up to (<Failed Login Attempts>*<Number of Hubs>) before the IP is blocked.

Failed Login Attempts Period

Determines the number of minutes to wait for the Failed Login Attempts value is reached before the IP is blocked.

If the Failed Login Attempts parameter is set to 10 and this parameter is set to 30 and there are 10 failed attempts within 30 minutes, the IP is blocked.

Valid values: 10-120

Default: 30

Blocked IP Expiration

Determines the number of hours to wait before the blocked IP is no longer blocked.

Valid values: 1-48

Default: 4