Third-Party Load Balancer

Post any question you may have in regards to GoAnywhere MFT and let our talented support staff and other users assist you.
2 posts Page 1 of 1


Posts: 1
Joined: Thu Oct 01, 2015 5:54 am

Post by LBVBW » Tue Oct 06, 2015 3:18 am
We have some questions to GoAnywhere MFT related with a third-party Load Balancer.
But first of all our entire configuration: We use two MFT-Server in connection with two Gateway-Server. In front of the Gateway-Server we use a F5 Load Balancer. The Load Balancer has two different things to do. SSL offloading (HTTPS to HTTP) and of course load balancing (HTTPS and SFTP).

1. The SSL offloading only works, if we change the tomcat settings (install folder/config/https.xml) to:
Code: Select all
<Connector SSLEnabled="false" disableUploadTimeout="true" enableLookups="false" gaRedi-rect="false" name="Internet" port="80" protocol="HTTP/1.1" proxyPort="443" scheme="https" secure="true"/>
Is there another way to enable this settings (scheme and secure)?

2. Is it possible to use the X-Forwarded-For header in GoAnyhwere MFT? And is there an analog possibility for SFTP? Because currently we only see the remote IP Address which is every time the same (the IP of the Load Balancer)

3. Do you have a documentation for using a third-party Load Balancer in front of the Gateway-Server?

Thanks in advance for the help


Support Specialist
Posts: 592
Joined: Tue Jul 17, 2012 2:12 pm
Location: Phoenix, AZ

Post by Support_Rick » Tue Oct 06, 2015 11:34 am

Your best option here is to load the certificates into GoAnywhere and let the product handle the encryptions. It does this seamlessly through the program.

I assume you're trying to pass the originating details through the X-Forwarded-For header ... if so, this isn't recognized within GAMFT.

The issue is that you have to have the F5 forward the Originating IP. Normally this is done by SNAT using an iRule.

Normally, we do not provide support for front-end Load Balancers as the product allows for each customer to utilize VIP, LB, Firewalls, etc to route the communication traffic to the Gateway and/or the GAMFT directly. This is all determined by the Customer Installation and their network architecture. We have customers using F5 as well as Netscaler and others that they configured to pass-thru the originating IP, but we do not provide support for those configurations as they could affect other areas besides GAMFT.
Rick Elliott
Lead Solutions Consultant
(402) 944.4242
(800) 949-4696
2 posts Page 1 of 1