Use the Gateway tab in the MOVEit Transfer Config Utility (DMZConfig.exe) to configure a secure connection with MOVEit Gateway 4.0. This tab controls the tunnel management between MOVEit Gateway and MOVEit Transfer.

You can include MOVEit Gateway, as part of your MOVEit Transfer license. MOVEit Gateway serves as a trusted, intermediary host that MOVEit Transfer can use to receive and pass application traffic.

Important: For details on how to install, deploy, and operate MOVEit Gateway, see the MOVEit Gateway documentation.

Get a MOVEit Transfer License that Includes Gateway

MOVEit Transfer must be licensed for MOVEit Gateway before the Gateway tab displays in the MOVEit Transfer Config Utility.

Sharing the SSH Public Key with (and pointing at) MOVEit Gateway

The tunnel management used by MOVEit Transfer to connect and configure MOVEit Gateway needs at minimum:

  • To point towards the MOVEit Gateway host. (Comma-separated for multiple gateways.)
  • To have an SSH public key installed on MOVEit Gateway.
Point to MOVEit Gateway Host

Use the Hostname field in the Gateway Settings panel to point the tunnel management agent running on MOVEit Transfer at the MOVEit Gateway Host.

Note: Get more details in the MOVEit Gateway documentation.

Point the MOVEit Transfer Tunnel Management at MOVEit Gateway

Learn more... (link to MOVEit Gateway documentation)

Copy the SSH Public Key to MOVEit Gateway

You will need this key when you configure MOVEit Gateway.

Once you point to your MOVEit Gateway host, you will need to:

  • Generate a key set...
  • Bring (copy) the SSH public key to the MOVEit Gateway host.
Note: Get more details in the MOVEit Gateway documentation.

Create a Copy a Public Key You Add to MOVEit Gateway Host

Learn more... (link to MOVEit Gateway documentation)

Tunnel Management Controls for MOVEit Gateway to MOVEit Transfer Connection

Important: Use this section to configure and control the tunnel service that runs between MOVEit Gateway and MOVEit Transfer only if you are running MOVEit Gateway 4.0 or higher. For more information, see the MOVEit Gateway Guide.

Use the Gateway tab of the MOVEit Transfer Config Utility to:

  • Point to MOVEit Gateway (in other words, point MOVEit Transfer at the SSH Server running on MOVEit Gateway).
  • Generate an SSH Public Authentication key pair (you will need to install this public key on the MOVEit Gateway host).
  • Designate the port range you want MOVEit Transfer to tunnel over (or use the default range).
Important: Your installed MOVEit Transfer license must support MOVEit Gateway for the Gateway tab to display in the MOVEit Transfer Config Utility.

MOVEit Gateway Tab of the MOVEit Transfer Configuration Utility (Enabled Shown)

Gateway Settings

Use these settings to enable and configure a secure connection with the MOVEit Gateway host.

  • Enabled. Click to allow MOVEit Transfer to connect to the network through MOVEit Gateway.
  • Hostname(s). Add the fully qualified hostname or the IP address for the MOVEit Gateway host machine. (Using the hostname is best practice.) Use a comma separated list for multiple gateway deployments.
  • SSH Server Port. The port number that Gateway listens to for connection requests from MOVEit Transfer. If Gateway is on the side of a firewall opposite MOVEit Transfer, you will need to adjust your firewall rules so they allow traffic across SSH Server Port.
  • SSH Auth Key. The secret access signature.
    • Generate New Key. Generate a new private/public SSH key pair.
    • View. View the public SSH key. The public SSH key needs to be installed on MOVEit Gateway.

Gateway Tunnels

Use these settings to enable and configure the application traffic that can use the tunnel.

Gateway Listen on IP Address for TunnelThis points at loopback address (127.0.0.1) but you can change it if you want MOVEit Gateway to accept connections on a specific address configured for a specific network interface. Best practice: use default ( 127.0.0.1).

Warning: This value should not change. Do not modify it unless you understand the topology and security requirements at your site and you have tested your changes in a non-production environment.

HTTPS

  • Enabled. Click to enable HTTPS connections over SSH with MOVEit Gateway.
  • Port Range. The Gateway host uses these ports to connect to the HTTPS port configured at the MOVEit Transfer host (typically 443).
    Important: Ensure the values for Port Range match the values specified in the HTTP proxy in the MOVEit Gateway UI. MOVEit Gateway will forward incoming requests to MOVEit Transfer across this range of ports ( Port Range).
  • Transfer Port. The value for the Transfer HTTPS port.

FTP (SFTP)

  • Enabled. Click to enable SFTP connections over SSH with MOVEit Gateway.
  • Port. When the Gateway host connects to this port, the port tunnels traffic to the Transfer SFTP port.

SSH

  • Enabled. Click to enable SSH connections over SSH with MOVEit Gateway.
  • Port. When the Gateway host connects to this port, the port tunnels traffic to the Transfer SSH port.

If You Recently Upgraded to MOVEit Gateway 4.0...

If you upgraded MOVEit Gateway from a version earlier than 4.0, and you configured MOVEit Gateway to use the new tunnel management system described in this section, you can delete the scheduled task for the legacy SSTP tunnel. This task runs on the MOVEit Transfer host and is not needed for MOVEit Transfer versions 2020 and higher to connect to MOVEit Gateway 4.0 and higher.

Multi-Org Gateway

If you are using MOVEit Gateway 4.1 or newer, you can use the MOVEit Gateway Admin UI to specify a different endpoint (in other words, sign-on URL) for each organization (Org) in your MOVEit Transfer deployment. For more details, see the MOVEit Gateway documentation.