DataPower


exploring the options for tcp proxy authentication

  • 1.  exploring the options for tcp proxy authentication

    Posted Mon February 07, 2022 05:04 PM

    Hello All

    We have DataPower sitting in the DMZ and are running into a situation where we need to spin up a TCP proxy for SFTP/SSH access to a backend SFTP server. At the same time, is there any way we can apply any sort of authentication on the incoming connections to the tcp-proxy? All I want is to restrict it to only a few users connecting to the DataPower tcp-proxy interface. I am running out of ideas and am open to any suggestion/thought.

    Regards

    Krishna





  • 2.  RE: exploring the options for tcp proxy authentication

    Posted Fri February 11, 2022 07:47 AM

    Hi,

    Unfortunately, you cannot really attach any authentication mechanism to the TCP Proxy service, as it is just a "dumb pipe" that forwards all the traffic through to the backend. The purpose of the TCP Proxy service, as I have understood it, is to provide easier access to services sitting behind DataPower and somewhat simplify the network setup... as long as one knows the pitfalls of such a configuration, because in the right circumstances it can give you the power to drill holes in your firewalls and thus bypass the outer security mechanisms.

    Some of my customers have just placed an SSH server in the DMZ with a hardened setup + implemented audit logging and used it to allow access to other resources in a controlled manner.

    --HP
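
The hardened DMZ SSH server suggested in the reply above could look like the following. This is an added example, not configuration from either poster or from IBM. It assumes OpenSSH as the SSH server; the user names `alice` and `bob` and the host `sftp-backend.example.internal` are placeholders.

```conf
# /etc/ssh/sshd_config on the DMZ SSH host (constructed example, OpenSSH assumed)
# Placeholders: alice, bob, sftp-backend.example.internal

# --- Who may authenticate, and how ---
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
# Named ChallengeResponseAuthentication on OpenSSH releases before 8.7
KbdInteractiveAuthentication no
MaxAuthTries 3
# Only the listed accounts can log in at all; everyone else is refused
AllowUsers alice bob

# --- Audit logging ---
# VERBOSE records the fingerprint of the key used for each login
LogLevel VERBOSE
SyslogFacility AUTHPRIV

# --- Default: no forwarding of any kind ---
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
GatewayPorts no

# --- Permitted users: forward to the backend SFTP server only ---
Match User alice,bob
    # Client-initiated (local) forwards only, no remote forwards
    AllowTcpForwarding local
    # The single destination these users may reach through this host
    PermitOpen sftp-backend.example.internal:22
    # No interactive shell on the DMZ host itself
    PermitTTY no
    ForceCommand /usr/sbin/nologin
```

With this in place a permitted user reaches the backend through the DMZ host with the client's `ProxyJump` option, authenticating once to the DMZ host and again to the backend; validate the file with `sshd -t` before reloading the daemon.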


