Tunnels on

Manage a Tunnel

Mon, 01 Jan 0001 00:00:00 +0000

Create a tunnel

You can create tunnels for custom ports that are not predefined in the DSG using the Create Tunnel option in the Tunnels tab. The Create Tunnel screen is as seen in the following figure.

The following table provides the description for each option available on the UI.

Callout	Column/Textbox	Description
1	Name	Name of the tunnel.
2	Tunnel ID	Unique ID of the tunnel.
3	Description	Unique description that describes port supported by the tunnel.
4	Enabled	Select to enable the tunnel. The check box is selected as a default. Uncheck the check box to disable the tunnel.
5	Start without service	Select to start the tunnel if no service is configured or if no services are enabled.
6	Protocol	Protocol type supported by the tunnel.

The following types of tunnels can be created.

Amazon S3 Tunnel

Mon, 01 Jan 0001 00:00:00 +0000

Amazon Simple Storage Service (S3) is an online file storage web service. It lets you manage files through browser-based access as well as web services APIs. Within the DSG, the S3 tunnel is used to communicate with Amazon S3 cloud storage over the Amazon S3 REST API. The higher-layer S3 Service object, which sits above the tunnel object, configured at the RuleSet level is used to process file contents retrieved from S3.

HTTP Tunnel

Mon, 01 Jan 0001 00:00:00 +0000

Based on the protocol selected, the dependent fields in the Tunnel screen vary. The following image illustrates the settings that are specific to the HTTP protocol.

The options for the Inbound Transport Settings field in the Tunnel Details screen specific to the HTTP Protocol type are described in the following table.

Network Settings

1 Listening Interface: IP address through which sensitive data enters the DSG. The following Listening Interface options are available:

SFTP Tunnel

Mon, 01 Jan 0001 00:00:00 +0000

Based on the protocol selected, the dependent fields in the Tunnel screen vary. The following image illustrates that settings specific to SFTP protocol.

The options specific to the SFTP Protocol type are described in the following table.

Callout	Column/Textbox/Button	Subgroup	Description	Notes
	Network Settings
1		Listening Interface*	IP address through which sensitive data enters the DSG.
2		Port	Port linked to the listening address.
	SSH Transport Security Options		SFTP specific security options that are mandatory.Select a paired server host key or provide the key path.
3		Server Host Key Filename	Paired server host public key, uploaded through Certificate/Key material screen, that enables SFTP authentication. If the key includes an extension, such as *.key, enter the key name with the extension. For Files that are not uploaded to the resources directory, you must provide the absolute path along with the key name.	The DSG only accepts private keys that are not passphrase encrypted.
4	Advanced Settings*	Set additional advanced options for tunnel configuration, if required, in the form of JSON.	In a scenario where an ESA and two DSG nodes are in a cluster, by using the Selective Tunnel Loading functionality, you can load specific tunnel configurations on specific DSG nodes.	ethMNG: The management interface on which the Web UI is accessible. ethSRV0: The service interface for communicating with an untrusted service. 127.0.0.1: The local loopback adapter. 0.0.0.0: The broadcast address for listening to all the available network interfaces overall IP addresses. Other: Manually add a listening address based on your requirement.

**-The advanced settings that can be configured for SFTP Protocol.

SMTP Tunnel

Mon, 01 Jan 0001 00:00:00 +0000

The DSG can perform data security operations on the sensitive data sent by a Simple Mail Transfer Protocol (SMTP) client before the data reaches the destination SMTP server.

Over the internet, SMTP is an Internet standard for sending emails. When an email is sent to anyone, the email is sent using an SMTP client to the SMTP server. For example, if an email is sent from john.doe@xyz.com to jane.smith@abc.com, the email first reaches the xyz’s SMTP server, then reaches abc’s SMTP server, before it finally reaches the recipient, jane.smith@abc.com.