Gateway
This manual lists all the configurations that the S-Filer Portal's Configuration CLI can change about the Gateway.
| Configuration key | Description | Default value |
|---|---|---|
| cfg. | Turning on this option will automatically start a web interface on the gateway. This web interface will be on the same port as the HTTPS protocol. To be able to use this interface, you will have to create the configuration on the server | false |
| cfg. | URL used by gateway for the communication with the server, e.g., http://localhost:8088/ | |
| ftp. | This is the address sent in response to PASV command. It should be visible to clients of the FTP(S) server. You should specify this address if the server has multiple network interfaces or is behind "port forwarding" equipment. Leave blank to use the server address. | |
| ftp. | Turn on or off the FTP Server. | false |
| ftp. | IP address where the FTP Server listens for incoming connection request. (Default value is 0.0.0.0 to listen on all interfaces) | 0.0.0.0 |
| ftp. | The end of the range of data ports for passive FTP transfers. This range can overlap the range for FTPS. A too small range will limit the number of concurrent transfers. A range too large will require opening many ports on the firewall. | 60020 |
| ftp. | The start of the range of data ports for passive FTP transfers. This range can overlap the range for FTPS. A too small range will limit the number of concurrent transfers. A range too large will require opening many ports on the firewall. | 60000 |
| ftp. | Port number where the FTP Server listens for incoming connection request. (Standard default value is 21). | 21 |
| ftps. | Determines how SSL/TLS ciphers are managed. S-Filer maintains a list of strong ciphers that will evolve over time. The 'Automatic' mode allows to enable only the strong ciphers from this list. For some older clients, weaker ciphers may need to be enabled because they don't support any of the strong ones. The 'JVM Default' mode results in all ciphers present on the JVM to be enabled. For a more fine-grained control, the 'Custom' mode allows to specify all the ciphers that must be enabled in the 'Custom SSL/TLS ciphers' parameter. | AUTOMATIC |
| ftps. | List of SSL/TLS ciphers (separated by comma) that will be enabled if the cipher management mode is 'Custom'. WARNING: Some ciphers specified in this list may not be available depending on the key type of the SSL/TLS private key. | TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| ftps. | Turn on or off the FTPS Server. | false |
| ftps. | IP address where the FTP Server listens for incoming connection request. (Default value is 0.0.0.0 to listen on all interfaces) | 0.0.0.0 |
| ftps. | The end of the range of data ports for passive FTPS transfers. This range can overlap the range for FTP. A too small range will limit the number of concurrent transfers. A range too large will require opening many ports on the firewall. | 60020 |
| ftps. | The start of the range of data ports for passive FTPS transfers. This range can overlap the range for FTP. A too small range will limit the number of concurrent transfers. A range too large will require opening many ports on the firewall. | 60000 |
| ftps. | Port number where the FTPS Server listens for implicit connection request. (Standard default value is 990). | 990 |
| ftps. | Port number where the FTPS Server listens for explicit connection request. (Standard default value is 21, same as FTP). | 21 |
| ftps. | SSL/TLS private key for the FTPS server. | jetty |
| http. | Turn on or off the HTTPS server. | false |
| http. | IP Address where the HTTPS server listens for incoming connection request. (Default value is 0.0.0.0) | 0.0.0.0 |
| http. | Port number where the HTTPS server listens for incoming connection request. (Default value is 443 or 80). | 8081 |
| http. | SSL/TLS private key for HTTPS server. | jetty |
| http. | Determines whether to use the SSL Protocol. | true |
| http. | Determines how SSL/TLS ciphers are managed. S-Filer maintains a list of strong ciphers that will evolve over time. The 'Automatic' mode allows to enable only the strong ciphers from this list. For some older clients, weaker ciphers may need to be enabled because they don't support any of the strong ones. The 'JVM Default' mode results in all ciphers present on the JVM to be enabled. For a more fine-grained control, the 'Custom' mode allows to specify all the ciphers that must be enabled in the 'Custom SSL/TLS ciphers' parameter. | AUTOMATIC |
| http. | List of SSL/TLS ciphers (separated by comma) that will be enabled if the cipher management mode is 'Custom'. WARNING: Some ciphers specified in this list may not be available depending on the key type of the SSL/TLS private key. | TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| http. | Determines if the SSL/TLS SNI host check is enabled. SNI (Server Name Indication) is an extension to the SSL/TLS protocol by which a client indicates which hostname it is attempting to connect to at the start of the connection process. If the SNI host check is enabled and the hostname of the server to which the client is trying to connect to is not found in the server certificate, the server returns an invalid SNI error. | true |
| ssh. | Banner displayed when accessing the SSH server. | Welcome to S-Filer Portal SSH Server Interface |
| ssh. | Determines how SSH ciphers are managed. S-Filer maintains a list of strong ciphers that will evolve over time. The 'Automatic' mode allows to enable only the strong ciphers from this list. For some older clients, weaker ciphers may need to be enabled because they don't support any of the strong ones. The 'Allow Weak' mode results in all weaker ciphers being enabled. For a more fine-grained control, the 'Custom' mode allows to specify all the ciphers that must be enabled in the 'Custom SSH ciphers' parameter. | AUTOMATIC |
| ssh. | Maximum time (in seconds) the SSH connection is kept open without activity. | 1800 |
| ssh. | List of SSH ciphers (separated by comma) that will be enabled if the cipher management mode is 'Custom'. The supported values are listed in the log file during the Gateway startup. | aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com |
| ssh. | List of SSH HMAC algorithms (separated by comma) that will be enabled if the HMAC algorithm management mode is 'Custom'. The supported values are listed in the log file during the Gateway startup. | hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com |
| ssh. | List of SSH key exchange algorithms (separated by comma) that will be enabled if the key exchange algorithm management mode is 'Custom'. The supported values are listed in the log file during the Gateway startup. | curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,rsa2048-sha256 |
| ssh. | Turns on or off the SSH Server. | false |
| ssh. | Determines how SSH HMAC algorithms are managed. S-Filer maintains a list of strong HMAC algorithms that will evolve over time. The 'Automatic' mode allows to enable only the strong HMAC algorithms from this list. For some older clients, weaker HMAC algorithms may need to be enabled because they don't support any of the strong ones. The 'Allow Weak' mode results in all weaker HMAC algorithms being enabled. For a more fine-grained control, the 'Custom' mode allows to specify all the HMAC algorithms that must be enabled in the 'Custom SSH HMAC algorithms' parameter. | AUTOMATIC |
| ssh. | Specifies the file path or value for the DSA host key used by the SSH server. | ./conf/ssh_host_dsa_key |
| ssh. | Specifies the file path or value for the RSA host key used by the SSH server. | ./conf/ssh_host_rsa_key |
| ssh. | IP address where the SFTP Server listens for incoming connection request. (Default value is 0.0.0.0) | 0.0.0.0 |
| ssh. | Key used by the SSH Server. | |
| ssh. | Determines how SSH key exchange algorithms are managed. S-Filer maintains a list of strong key exchange algorithms that will evolve over time. The 'Automatic' mode allows to enable only the strong key exchange algorithms from this list. For some older clients, weaker key exchange algorithms may need to be enabled because they don't support any of the strong ones. The 'Allow Weak' mode results in all weaker key exchange algorithms being enabled. For a more fine-grained control, the 'Custom' mode allows to specify all the key exchange algorithms that must be enabled in the 'Custom SSH key exchange algorithms' parameter. | AUTOMATIC |
| ssh. | Maximum number of SSH transfers that can be performed concurrently in a session. | 50 |
| ssh. | Maximum number of concurrent SSH connections allowed (leave blank for unlimited). | |
| ssh. | Maximum number of concurrent SSH connections allowed for a user (leave blank for unlimited). | |
| ssh. | Maximum number of concurrent sessions allowed for an SSH connection. | 10 |
| ssh. | Number of threads that are kept permanently alive to manage SSH transfers. Additional threads will be created/destroyed when needed. | 2 |
| ssh. | Port number where the SFTP Server listens for incoming connection request. (Default value is 22) | 22 |