Gateway Settings

The following table describes the MFT Enterprise Gateway settings.

Parameter

Description

Domain Name

Defines the MFT Enterprise File Exchange website domain name that is accessed by external users.

http<s>://<domain_name>:<HTTP_port>

Log Level

Determines one of the following log levels for the Gateway:

  • ERROR

  • WARN

  • INFO

  • DEBUG

  • TRACE

HTTP Port for External Access

Determines the HTTP or HTTPS port number for the MFT Enterprise File Exchange.

  • If you change this parameter in Gateway Settings, you must change it in the proxyConfig.properties file in the Gateway and restart the Gateway.

  • If you set the port below 1024, which is in the privileged (well-known) port range, the MFT Gateway must be run as the root user.

Session Timeout

Determines the number of seconds to wait without any operation before a timeout occurs.

Block File Exchange when it is accessed by specifying its IP address

Determines whether to require users to use the public hostname when accessing the File Exchange website.

Any access that uses its IP address, such as https://10.20.30.40:8443, in the URL is blocked.

Enable simultaneous logins of the same user

Determines whether the same user can be logged in to File Exchange from multiple access points simultaneously.

Enable Identity Provider For External Users

Determines whether to configure authentication with an Identity Provider (IdP) for all Control-M MFT Enterprise external users.

Single Sign On URL

Defines the IdP URLs or SAML Endpoint, where Control-M MFT Enterprise redirects users to sign in.

Audience URI

Defines the Service Provider URI that is used for verification.

XML Metadata path

Defines the generated XML pathname from the IdP.

SFTP Settings

See SFTP Settings

FTP/S Settings

See FTP/S Settings

AS2 Settings

See AS2 Settings

IP Filtering

See IP Filtering

Changing the Control-M MFT Gateway Password

This procedure describes how to change the Control-M MFT password.

Begin

  1. Log in to the account where the Control-M MFT Gateway is installed.

  2. Navigate to the following directory:

    mft_proxy/data/proxyConfig.properties

  3. Change the value of the gateway.password parameter to the new password preceded by PLAIN:, as follows:

    PLAIN:myPassword

  4. Restart the Control-M MFT Gateway by running the following commands:

    1. shut-mft-proxy.sh

    2. start-mft-proxy.sh

IP Filtering

IP Filtering enables you to allow or deny specific IPs from transferring files to and from your organization, which helps you prevent attacks from unauthorized sources.

The following example demonstrates what occurs when the same IP is in both the Allow and Deny lists:

  • Allow: IP1, IP2, IP3

  • Deny: IP3, IP4, IP5

  • Result: IP1 and IP2 are allowed, IP3, IP4, IP5 are denied.
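The precedence rule above, applied to list files in the record formats given in the IP Filtering settings table, as an added example that is not part of the product or its documentation. The sample records are constructed, the dash form is assumed for ranges, a leading field that is not an IP is assumed to be the comment, and the "unlisted" result is a label used here because the page does not say how an IP on neither list is handled.

```python
import csv
import io
import ipaddress

def parse_entry(text):
    """Return (low, high) IPv4Address pair for '<IP>' or '<From IP>-<To IP>'."""
    first, sep, last = text.strip().partition("-")
    low = ipaddress.IPv4Address(first.strip())
    high = ipaddress.IPv4Address(last.strip()) if sep else low
    if high < low:
        raise ValueError(f"range end precedes start: {text.strip()!r}")
    return low, high

def load_ranges(csv_text):
    """Parse filter records; return (ranges, errors) so bad rows are visible."""
    ranges, errors = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        fields = [f for f in row if f.strip()]
        for idx, field in enumerate(fields):
            try:
                ranges.append(parse_entry(field))
            except ValueError as exc:
                # Assumption: a non-IP first field is the optional comment.
                if idx == 0 and len(fields) > 1:
                    continue
                errors.append((lineno, field.strip(), str(exc)))
    return ranges, errors

def _hit(addr, ranges):
    return any(low <= addr <= high for low, high in ranges)

def decide(ip, allow, deny):
    """Deny wins when an IP is on both lists, as in the example above."""
    addr = ipaddress.IPv4Address(ip)
    if _hit(addr, deny):
        return "deny"
    return "allow" if _hit(addr, allow) else "unlisted"

# Constructed sample records (documentation address ranges).
ALLOW_CSV = """partner-a,192.0.2.10
branch office,198.51.100.1-198.51.100.50
vendors,203.0.113.5, 203.0.113.7, 203.0.113.20-203.0.113.30
"""
DENY_CSV = """scanner,198.51.100.20
bad range,203.0.113.25-203.0.113.9
"""
ALLOW, ALLOW_ERRORS = load_ranges(ALLOW_CSV)
DENY, DENY_ERRORS = load_ranges(DENY_CSV)

if __name__ == "__main__":
    for ip in ("198.51.100.20", "198.51.100.21", "203.0.113.25"):
        print(ip, decide(ip, ALLOW, DENY))
    print("rejected deny records:", DENY_ERRORS)
```

The reversed range in the sample deny file is reported as an error rather than silently dropped, which is why 203.0.113.25 still evaluates as allowed: checking the error list before deploying a list file catches entries that would otherwise have no effect.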

The following table describes the IP Filtering settings.

Parameter

Description

Enable IP Filtering

Determines whether IP Filtering is enabled in Control-M MFT Enterprise.

Allow List File Path

Defines a path to the CSV file, which lists the IPs or IP range that are allowed to access Control-M MFT Enterprise.

Each record in the CSV file must contain either an IPv4 address or a range (from IP - to IP). A comment field for each record is optional.

Format:

  • <comment>,<IP>

  • <comment>,<From IP>-<To IP>

  • <comment>,<IP>, <IP>, <From IP>-<To IP>

Default: ${cm.home}/data/ip_allowed.csv

In a High Availability environment, the CSV file must be in a network location where all Hubs have access.

Deny List File Path

Defines a path to the CSV file, which lists the IPs or IP range that are denied access to Control-M MFT Enterprise.

Each record in the CSV file must contain either an IPv4 address or a range (from IP - to IP). A comment field for each record is optional.

Format:

  • <comment>,<IP>

  • <comment>,<From IP>,<To IP>

Default: ${cm.home}/data/ip_blocked.csv

In a High Availability environment, the CSV file must be in a network location where all Hubs have access.

Automatically Block IP due to Repeated Failed Logins

Determines whether to automatically block an IP due to failed login attempts according to the parameters below.

Failed Login Attempts

Determines the number of failed login attempts before the IP is blocked.

Valid Values: 5–20

Default: 10

In a High Availability environment, the attempts are counted separately on each Hub, so the number of allowed attempts can reach up to (<Failed Login Attempts>*<Number of Hubs>) before the IP is blocked.

Failed Login Attempts Period

Determines the period, in minutes, within which the Failed Login Attempts value must be reached for the IP to be blocked.

If the Failed Login Attempts parameter is set to 10, the Failed Login Attempts Period parameter is set to 30, and there are 10 failed attempts within 30 minutes, then the IP is blocked.

Valid Values: 10–120

Default: 30

Blocked IP Expiration

Determines the number of hours to wait before the blocked IP is no longer blocked.

Valid Values: 1–48

Default: 4
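A model of how Failed Login Attempts, Failed Login Attempts Period and Blocked IP Expiration interact, including the per-Hub counting in a High Availability environment, as an added example that is not the product's code. It assumes a sliding time window, Hubs that block independently, and a hypothetical load balancer that spreads requests round-robin; the class and function names are illustrative.

```python
from collections import deque
from itertools import count

class HubBlocker:
    """Failed-login tracking on one Hub (sliding window is an assumption)."""

    def __init__(self, attempts=10, period_min=30, expiration_h=4):
        # Defaults are the documented defaults of the three parameters.
        self.attempts = attempts
        self.period_s = period_min * 60
        self.expiration_s = expiration_h * 3600
        self.failures = {}       # ip -> deque of failure times (seconds)
        self.blocked_until = {}  # ip -> time the block expires (seconds)

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Count one failed login; return True if the IP is now blocked."""
        window = self.failures.setdefault(ip, deque())
        window.append(now)
        # Forget failures that fall outside Failed Login Attempts Period.
        while window and window[0] <= now - self.period_s:
            window.popleft()
        if len(window) >= self.attempts:
            self.blocked_until[ip] = now + self.expiration_s
            window.clear()
        return self.is_blocked(ip, now)

def failures_until_blocked_on_all_hubs(num_hubs, attempts=10, interval_s=10):
    """Failed logins counted before every Hub blocks the IP, with requests
    spread round-robin over the Hubs (hypothetical load balancer)."""
    hubs = [HubBlocker(attempts=attempts) for _ in range(num_hubs)]
    ip, counted = "192.0.2.50", 0  # constructed documentation address
    for i in count():
        now = i * interval_s
        hub = hubs[i % num_hubs]
        if not hub.is_blocked(ip, now):
            hub.record_failure(ip, now)
            counted += 1
        if all(h.is_blocked(ip, now) for h in hubs):
            return counted

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, "Hub(s):", failures_until_blocked_on_all_hubs(n))
```

With the default of 10 attempts, three Hubs count 30 failed logins before the IP is blocked everywhere, so the Failed Login Attempts value is best chosen with the number of Hubs in mind.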