Create an SFTP Netmap

You define inbound connection information for your external trading partners and outbound connection information for the SFTP server Secure Proxy connects to. These values are stored in a netmap. The netmap is associated with a policy and an adapter.

The SFTP protocol requires that the server authenticate itself to the client.

  • Inbound connection: Server authentication for the inbound connection requires that Secure Proxy use its private key to verify its identity to the inbound connection. Before you can configure authentication of Secure Proxy, you must configure a local host key store and add the private key to the local host key store. You must also send the public key to the inbound trading partner. Refer to Manage Local Host Key Stores and Keys for instructions. The keys used to authenticate Secure Proxy to the inbound node connection are configured in the adapter definition.
  • Outbound connection: Server authentication for the outbound connection requires that the SFTP server present its public key to Secure Proxy. Secure Proxy must use the public key to validate the server connection. Before you can configure authentication of the SFTP server, you must configure a known host key store and add the public key received from the SFTP server to this key store. Refer to Manage Known Host Key Stores and Keys for instructions.

For authentication of the SFTP server connection, you must determine what ciphers are allowed for encryption and what MACs are allowed for message integrity protection. These MACs and ciphers must also include the required settings from the inbound nodes, the outbound node, and all keys checked into the key stores. You also determine the order of preference for both the ciphers and the MACs. Communicate with the SFTP server administrator to ensure that your configuration matches the SFTP server configuration.
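
The following check is an added example, not part of the product documentation. It applies the SSH selection rule (RFC 4253, section 7.1), where the first algorithm on the client's list that the server also offers is chosen, with Secure Proxy acting as the client on the outbound connection. The function names and algorithm lists are constructed for illustration, and key exchange selection is simplified to the same rule.

```python
# Added example: compare an outbound node's ordered algorithm lists with the
# lists the SFTP server administrator reports. All sample values are constructed.

def negotiate(client_prefs, server_prefs):
    """Return the first name on the client's list that the server also lists,
    or None when the two lists have nothing in common."""
    server_set = set(server_prefs)
    for name in client_prefs:          # client order decides the outcome
        if name in server_set:
            return name
    return None

def check_outbound_node(proxy, server):
    """Return (chosen, problems). chosen maps category -> algorithm or None;
    problems lists mismatches to raise with the server administrator."""
    chosen, problems = {}, []
    for category in ("cipher", "mac", "kex"):
        pick = negotiate(proxy[category], server[category])
        chosen[category] = pick
        if pick is None:
            problems.append(f"{category}: no algorithm in common, connection will fail")
            continue
        unused = [n for n in proxy[category] if n not in server[category]]
        if unused:
            problems.append(f"{category}: server does not offer {', '.join(unused)}")
    return chosen, problems

# Constructed sample: selections on the outbound node's Security tab, in order.
PROXY = {
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "mac": ["hmac-sha2-512", "hmac-sha2-256"],
    "kex": ["diffie-hellman-group14-sha256"],
}
# Constructed sample: what the SFTP server administrator says the server allows.
SERVER = {
    "cipher": ["aes128-ctr", "aes256-ctr", "aes256-gcm@openssh.com"],
    "mac": ["hmac-sha2-256"],
    "kex": ["curve25519-sha256"],
}

if __name__ == "__main__":
    chosen, problems = check_outbound_node(PROXY, SERVER)
    for category, name in chosen.items():
        print(f"{category:6} -> {name}")
    for line in problems:
        print("MISMATCH", line)
```

In the sample, the cipher resolves to the proxy's first choice even though the server lists it second, the MAC falls back to the second entry, and the key exchange has no overlap, which is the case to resolve with the server administrator before saving the netmap.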

Before you begin this procedure, create a policy to associate with the netmap.

To create a netmap and define inbound and outbound nodes:

  1. Click Configuration from the menu bar.
  2. Click Actions > New Netmap > SFTP Netmap.
  3. Type a name for the netmap in the Netmap Name field.
  4. To define an inbound node definition:
    1. Click New.
    2. Specify the following values:
      • Inbound Node Name
      • Peer Address Pattern
      • Policy
    3. Click OK.
  5. To define an outbound node definition:
    1. Click the Outbound Nodes tab and click New.
    2. Specify the following values:
      • Outbound Node Name
      • Primary Destination Address
      • Primary Destination Port
      • Known Host Key Store
      • Known Host Key
    3. Click the Security tab.
    4. Specify the following values:
      • Available Cipher Suites
      • Available MAC Suites
      • Available Key Exchange
    5. If necessary, reorder the selected cipher suites, MAC suites, and key exchanges.
    6. Click OK.
  6. Click Save.