Network zone and server communication profile fields

The following are the fields and descriptions for SecureTransport network zones and server communication profiles. You use these fields when adding or editing these objects in the Central Governance user interface. See Change the SecureTransport configuration or About SecureTransport network zones for how to access the fields.

Connectivity

The Administration host and Port are used by Central Governance when deploying flows to SecureTransport. For details, see Master SecureTransport node fails.

Administration host

Enter the SecureTransport host name to use when deploying flows. It must represent a single valid host (one that resolves to a valid IPv4 or IPv6 address).

Port

Enter the SecureTransport port number to use when deploying flows.

Network zone fields

The network definition includes internal options for controlling connections, network environment settings, network protocols, and general environment settings.

Name

The unique identifier of the network zone. The name is configurable only for zones in the DMZ. The first network zone is always the private zone and cannot be renamed.

Host

The list of SecureTransport servers or Edge hosts represented by the host name or IP address.

FQDN

The fully qualified domain name or IP address used by partners and applications to connect to SecureTransport. In a cluster environment, it represents the address of the load balancer, which is the entry point for the SecureTransport environment.

Server communication profile fields

Note: You can create a certificate for a server communication profile in SecureTransport after registering with Central Governance. However, you must then create the same certificate, with exactly the same alias, in Central Governance using the SecureTransport configuration page.

Name

The name of the server communication profile.

Protocol

The protocol for the server communication profile.

The following are the server communication profile fields by protocol.

See Alternative IP addresses for details on managing multiple host:port pairs for server communication profiles.

PeSIT

Port

Port on which the server listens for connection requests.

Network protocol

Indicates the network protocol.

  • TCP - The Transmission Control Protocol (TCP), one of the core protocols of the Internet protocol suite (IP), is often called TCP/IP. TCP provides reliable, ordered and error-checked delivery of a stream of octets between programs running on computers connected to a local area network, intranet or the public Internet. It resides at the transport layer.
  • pTCP - The parallel Transmission Control Protocol (pTCP) is an end-to-end transport layer protocol that supports striped connections.
  • UDT - UDT is a UDP-based data transport protocol for transferring large datasets over wide area, high-speed networks.

PeSIT login

User name for connecting to the server.

Password and confirm password

Password for connecting to the server.

Enable SSL/TLS

Indicates whether the connection is secured via SSL or TLS.

Client authentication required

If SSL/TLS is enabled, indicates whether to use the client's public key certificate to authenticate the client to the server.

Yes means the server and the client must be authenticated.

No means only the server must be authenticated.

Optional means the server and the client must be authenticated but both SSL and non-SSL connections are enabled. If the client requests SSL but the client certificate verification fails, the client is allowed to log in with a user name and password.

Private certificate

If SSL/TLS is enabled, you can either use an existing private certificate, or upload a new private certificate.

Select private certificate

Use a certificate with the P12 (PKCS#12) file format.

Enable FIPS transfer mode

When SSL/TLS is enabled, indicates whether Federal Information Processing Standards (FIPS) mode is enabled for transfers. When enabled, the sender and the receiver must use FIPS-compliant ciphers and cipher suites. Transfers fail if the sender and receiver do not provide them.

Secured socket mode

If SSL/TLS is enabled, indicates the secured socket usage for communication profiles with TCP.

  • Non Legacy (default) - Use non-legacy PeSIT SSL communication profiles
  • Legacy - Use legacy PeSIT SSL communication profiles
  • Autodetect - Automatically detects Legacy or Compatibility mode for PeSIT SSL communication profiles

Preconnection id

When Preconnection is enabled, a preconnection step occurs for communication between SecureTransport and a partner in which the client initiates a connection by sending identifying data to the receiving server.

Password and confirm password

Password for connecting to the server.

SFTP

Port

Port on which the server listens for connection requests.

Client authentication

Indicates the method for authenticating clients to the server.

  • Password - The user name and password for connecting to the server are used to authenticate the client.
  • Public key - The client's public key is used to authenticate to the server.
  • Password or public key - The public key or password can be used by clients to authenticate to the server.

Server encryption

Upload a file containing the private key or select an existing key. SecureTransport uses this key to encrypt the SSH-FTP channel.

For a new key, specify an alias for it. This enables you to use the same certificate in multiple profiles.

The user interface warns you if you try to add a duplicate alias. Aliases are unique within the object they relate to. For example, an alias for a partner certificate must be unique for a specific partner, but the same alias could be used for another partner.

Select private key

Use a key with the P8 (PKCS#8) file format.

Upload corresponding public key

If you select Yes, you are prompted to select the Public credential and the Public key, where DER and PEM are the supported file formats.

Enable FIPS transfer mode

When SSL/TLS is enabled, indicates whether Federal Information Processing Standards (FIPS) mode is enabled for transfers. When enabled, the sender and the receiver must use FIPS-compliant ciphers and cipher suites. Transfers fail if the sender and receiver do not provide them.

FTP

SecureTransport supports explicit security only. This is why there is no security setting in the user interface. With explicit security, the initial connection is unencrypted. To establish the secure link, explicit security requires the FTP client to issue a specific command to the FTP server after establishing a connection. The default FTP server port is used.

Port

Port on which the server listens for connection requests.

Passive port range

SecureTransport has both active and passive modes activated. For passive mode, specify the range of ports on which the server listens for connections.

Enable SSL/TLS

Indicates whether the connection is secured via SSL or TLS.

Client authentication required

If SSL/TLS is enabled, indicates whether to use the client's public key certificate to authenticate the client to the server.

Yes means the server and the client must be authenticated.

No means only the server must be authenticated.

Optional means the server and the client must be authenticated but both SSL and non-SSL connections are enabled. If the client requests SSL but the client certificate verification fails, the client is allowed to log in with a user name and password.

Private certificate

If SSL/TLS is enabled, you can either use an existing private certificate, or upload a new private certificate.

Select private certificate

Use a certificate with the P12 (PKCS#12) file format.

Enable FIPS transfer mode

When SSL/TLS is enabled, indicates whether Federal Information Processing Standards (FIPS) mode is enabled for transfers. When enabled, the sender and the receiver must use FIPS-compliant ciphers and cipher suites. Transfers fail if the sender and receiver do not provide them.

HTTP

Port

Port on which the server listens for connection requests.

Enable SSL/TLS

Indicates whether the connection is secured via SSL or TLS.

Client authentication required

If SSL/TLS is enabled, indicates whether to use the client's public key certificate to authenticate the client to the server.

Yes means the server and the client must be authenticated.

No means only the server must be authenticated.

Optional means the server and the client must be authenticated but both SSL and non-SSL connections are enabled. If the client requests SSL but the client certificate verification fails, the client is allowed to log in with a user name and password.

Private certificate

If SSL/TLS is enabled, you can either use an existing private certificate, or upload a new private certificate.

Select private certificate

Use a certificate with the P12 (PKCS#12) file format.

Enable FIPS transfer mode

When SSL/TLS is enabled, indicates whether Federal Information Processing Standards (FIPS) mode is enabled for transfers. When enabled, the sender and the receiver must use FIPS-compliant ciphers and cipher suites. Transfers fail if the sender and receiver do not provide them.
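
The following added example (not part of the product documentation, and not a Central Governance API or export format) shows how the Enable SSL/TLS, Client authentication required, Enable FIPS transfer mode and SFTP Client authentication settings described above could be reviewed together before deployment. The dictionary keys, profile names and the require_fips parameter are hypothetical, and the sample profiles are constructed.

```python
# Added example: the keys below are hypothetical labels for the fields on this page.
TLS_PROTOCOLS = {"PeSIT", "FTP", "HTTP"}

def audit_profile(profile, require_fips=False):
    """Return review findings for one server communication profile."""
    findings = []
    proto = profile["protocol"]
    if proto in TLS_PROTOCOLS:
        if not profile.get("enable_ssl_tls", False):
            # Client authentication and FIPS only apply when SSL/TLS is enabled.
            return ["SSL/TLS disabled: connection is not secured"]
        mode = profile.get("client_auth_required", "No")
        if mode == "Optional":
            findings.append("client auth Optional: non-SSL connections stay enabled "
                            "and a failed certificate check falls back to password")
        elif mode == "No":
            findings.append("client auth No: only the server is authenticated")
    elif proto == "SFTP":
        # "Password" and "Password or public key" both accept a password.
        if profile.get("client_authentication") != "Public key":
            findings.append("SFTP accepts password authentication")
    if require_fips and not profile.get("fips_transfer_mode", False):
        findings.append("FIPS transfer mode disabled")
    return findings

def audit_all(profiles, require_fips=False):
    """Map each profile name to its list of findings (empty list means clean)."""
    return {p["name"]: audit_profile(p, require_fips) for p in profiles}

# Constructed sample profiles, one per protocol on this page.
SAMPLE_PROFILES = [
    {"name": "pesit-dmz", "protocol": "PeSIT", "enable_ssl_tls": True,
     "client_auth_required": "Optional", "fips_transfer_mode": False},
    {"name": "ftp-partners", "protocol": "FTP", "enable_ssl_tls": False},
    {"name": "https-strict", "protocol": "HTTP", "enable_ssl_tls": True,
     "client_auth_required": "Yes", "fips_transfer_mode": True},
    {"name": "sftp-mixed", "protocol": "SFTP",
     "client_authentication": "Password or public key",
     "fips_transfer_mode": True},
]

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_PROFILES, require_fips=True).items():
        print(name, "->", found or "ok")
```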

 
