SFTP Tunnel

Configure the SFTP tunnel.

Based on the protocol selected, the dependent fields in the Tunnel screen vary. The following image illustrates the settings specific to the SFTP protocol.

SFTP Tunnel Settings

The options specific to the SFTP Protocol type are described in the following table.

| Callout | Column/Textbox/Button | Subgroup | Description | Notes |
|---|---|---|---|---|
| | Network Settings | | | |
| 1 | | Listening Interface* | IP address through which sensitive data enters the DSG. | |
| 2 | | Port | Port linked to the listening address. | |
| | SSH Transport Security Options | | SFTP specific security options that are mandatory. | Select a paired server host key or provide the key path. |
| | | Server Host Key Filename | Paired server host public key, uploaded through Certificate/Key material screen, that enables SFTP authentication. If the key includes an extension, such as *.key, enter the key name with the extension. For files that are not uploaded to the resources directory, you must provide the absolute path along with the key name. The DSG only accepts private keys that are not passphrase encrypted. | |
| 4 | Advanced Settings* | | Set additional advanced options for tunnel configuration, if required, in the form of JSON. | In a scenario where an ESA and two DSG nodes are in a cluster, by using the Selective Tunnel Loading functionality, you can load specific tunnel configurations on specific DSG nodes. |

* - Options available for the listening interface:

  • ethMNG: The management interface on which the Web UI is accessible.
  • ethSRV0: The service interface for communicating with an untrusted service.
  • 127.0.0.1: The local loopback adapter.
  • 0.0.0.0: The broadcast address for listening to all the available network interfaces over all IP addresses.
  • Other: Manually add a listening address based on your requirement.

** - The advanced settings that can be configured for the SFTP protocol:

| Options | Description | Default (if any) |
|---|---|---|
| idle_connection_timeout | Timeout set for an idle connection. The value is specified in seconds. | 30 |
| default_window_size | SSH Transport window size | 2097152 |
| default_max_packet_size | Maximum packet transmission in the network. The value is specified in bytes. | 32768 |
| use_compression | Toggle SSH Compression | True |
| ciphers | List of supported ciphers | 'aes128-ctr', 'aes256-ctr', '3des-cbc' |
| kex | Key exchange algorithms | 'diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1' |
| digests | List of supported hash algorithms used in authentication. | 'hmac-sha1' |

The following snippet shows an example of the format for the SFTP Advanced Settings:

{
   "idle_connection_timeout": 30,
   "default_window_size": 2097152,
   "default_max_packet_size": 32768,
   "use_compression": true,
   "ciphers": [
      "aes128-ctr",
      "aes256-ctr",
      "3des-cbc"
   ],
   "kex": [
      "diffie-hellman-group14-sha1",
      "diffie-hellman-group-exchange-sha1"
   ],
   "digests": [
      "hmac-sha1"
   ]
}
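
An added example, not part of the vendor documentation: a Python check that validates an Advanced Settings JSON document against the option names and types in the table above and flags the 3DES and SHA-1 based entries for review before the tunnel is deployed. The function name, the strict type rules and the list of algorithms to review are assumptions of this example; the page does not state which other algorithms the DSG accepts.

```python
import json

# Option names and JSON types, taken from the options table on this page.
EXPECTED_TYPES = {
    "idle_connection_timeout": int, "default_window_size": int,
    "default_max_packet_size": int, "use_compression": bool,
    "ciphers": list, "kex": list, "digests": list,
}
# Assumption of this example, not vendor guidance: entries to flag for review.
REVIEW_REASONS = {
    "3des-cbc": "64-bit block cipher in CBC mode",
    "diffie-hellman-group14-sha1": "key exchange hashed with SHA-1",
    "diffie-hellman-group-exchange-sha1": "key exchange hashed with SHA-1",
    "hmac-sha1": "MAC built on SHA-1",
}


def audit_advanced_settings(text):
    """Return (option, message) findings for an Advanced Settings JSON string."""
    try:
        settings = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("<document>", f"not valid JSON: {exc.msg}")]
    if not isinstance(settings, dict):
        return [("<document>", "top level must be a JSON object")]
    findings = []
    for name, value in settings.items():
        expected = EXPECTED_TYPES.get(name)
        if expected is None:
            findings.append((name, "option is not listed in the table"))
        elif type(value) is not expected:  # strict: JSON true must not pass as int
            findings.append((name, f"expected {expected.__name__}"))
        elif expected is int and value < 0:
            findings.append((name, "must not be negative"))
        elif expected is list:
            for algo in value:
                if not isinstance(algo, str):
                    findings.append((name, "entries must be strings"))
                elif algo in REVIEW_REASONS:
                    findings.append((name, f"{algo}: {REVIEW_REASONS[algo]}"))
    return findings


# Constructed sample: a subset of the options with 3des-cbc left out of ciphers.
SAMPLE = '{"use_compression": true, "ciphers": ["aes128-ctr", "aes256-ctr"], "digests": ["hmac-sha1"]}'

if __name__ == "__main__":
    for option, message in audit_advanced_settings(SAMPLE):
        print(f"{option}: {message}")
```

Run against the example settings shown above, the check reports one cipher, both key exchange algorithms and the single digest, so the default set should be reviewed against your organization's cryptographic policy.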
Last modified February 7, 2025