Third-Party Load Balancer

If you have a new question you’d like our support staff to post a response to, please visit our customer community, Data Security Insiders, to pose the question in our Discussion Boards. We have a thread “Ask Our Tech Experts” that our support team monitors on a regular basis, or you can start a new discussion where other GoAnywhere users and support staff can weigh in. Log in or create your new account at https://insiders.helpsystems.com/sign_in.

If you need an immediate response, please create a support ticket or contact our support team by email at [email protected].
3 posts Page 1 of 1

LBVBW

Posts: 1
Joined: Thu Oct 01, 2015 5:54 am

Post by LBVBW » Tue Oct 06, 2015 3:18 am
We have some questions to GoAnywhere MFT related with a third-party Load Balancer.
But first of all our entire configuration: We use two MFT-Server in connection with two Gateway-Server. In front of the Gateway-Server we use a F5 Load Balancer. The Load Balancer has two different things to do. SSL offloading (HTTPS to HTTP) and of course load balancing (HTTPS and SFTP).

1. The SSL offloading only works, if we change the tomcat settings (install folder/config/https.xml) to:
Code: Select all
<Connector SSLEnabled="false" disableUploadTimeout="true" enableLookups="false" gaRedi-rect="false" name="Internet" port="80" protocol="HTTP/1.1" proxyPort="443" scheme="https" secure="true"/>
Is there another way to enable this settings (scheme and secure)?

2. Is it possible to use the X-Forwarded-For header in GoAnyhwere MFT? And is there an analog possibility for SFTP? Because currently we only see the remote IP Address which is every time the same (the IP of the Load Balancer)

3. Do you have a documentation for using a third-party Load Balancer in front of the Gateway-Server?


Thanks in advance for the help

Support_Rick

Support Specialist
Posts: 592
Joined: Tue Jul 17, 2012 2:12 pm
Location: Phoenix, AZ

Post by Support_Rick » Tue Oct 06, 2015 11:34 am
LBVBW,

Your best option here is to load the certificates into GoAnywhere and let the product handle the encryptions. It does this seamlessly through the program.

I assume you're trying to pass the originating details through the X-Forwarded-For header ... if so, this isn't recognized within GAMFT.

The issue is that you have to have the F5 forward the Originating IP. Normally this is done by SNAT using an iRule.

Normally, we do not provide support for front-end Load Balancers as the product allows for each customer to utilize VIP, LB, Firewalls, etc to route the communication traffic to the Gateway and/or the GAMFT directly. This is all determined by the Customer Installation and their network architecture. We have customers using F5 as well as Netscaler and others that they configured to pass-thru the originating IP, but we do not provide support for those configurations as they could affect other areas besides GAMFT.
Rick Elliott
Lead Solutions Consultant
(402) 944.4242
(800) 949-4696

ejknight52

Posts: 1
Joined: Mon Jan 20, 2020 2:35 pm

Post by ejknight52 » Mon Jan 20, 2020 3:19 pm
We found the fix to be SSL Forwarding to the Servers through the F5.
3 posts Page 1 of 1