Using FASP with Secure Proxy (V3.4.3 or later)

IBM Aspera High-Speed Add-on uses FASP (Fast and Secure Protocol) to transfer files over high bandwidth and high latency network connections.

You can use IBM® Sterling Secure Proxy to handle FASP transactions securely.

Because Secure Proxy is designed so that there is a complete session break between two IBM Connect:Direct® nodes, you can use FASP protocol to send or receive transactions, or both, depending on the FASP licenses and operating systems involved in the transfer. If no FASP license is present, TCP/IP is used.

The benefits of using Secure Proxy with FASP include:

  • The added security of file transfers outweighs the potential loss of performance with Secure Proxy.
  • Any Connect:Direct FASP error messages flow through Secure Proxy to the other side of the transfer.
  • The monitoring of FASP transactions is done on the Connect:Direct ends of the transaction, not through Secure Proxy.

FASP scenarios

FASP can be used in Secure Proxy one of two ways, depending on whether FASP is natively supported by your Connect:Direct operating system:

  • You can use Secure Proxy as a "pass-through" when FASP is natively supported by Connect:Direct nodes on both sides of a transfer and both nodes have a FASP license.
  • You can use Secure Proxy as a "bridge" to perform a FASP transfer on one side of the connection and to use TCP/IP on the other side of the connection.

For more information, see Connect:Direct FASP scenarios.

FASP bandwidth

The bandwidth that is used between the sender of the file transfer and Secure Proxy is the bandwidth of the sender's license.

The bandwidth that is used between Secure Proxy and the receiver of the file is the bandwidth of the receiver's license.

Fasp Port Range

The Fasp Port Range value is a comma-delimited list of ports or a range of ports, or both, such as nnnn,nnnn,nnnn-nnn,nnn. The ports that are specified must be valid ports, numbering 1-65535. For a range of ports, the first port must be smaller than the second port.

Firewall administrators might only want to open a range of UDP ports to allow FASP traffic through the firewall. By default, Secure Proxy uses any available UDP port, but can be restricted to a range of ports by using the Fasp Port Range on the adapters that have Connect:Direct FASP traffic passing through them. For example, you can configure this property in Secure Proxy, in the Advanced tab of the Connect:Direct adapter under "Fasp Port Range."