A security dongle must be inserted in the BLUE and RED servers to change configuration.
Prerequisites
Before you configure any transfer parameters:
- Ensure a dongle is inserted in the server you want to modify.
- Ensure MetaDefender Optical Diode BLUE and MetaDefender Optical Diode RED network addresses are configured.
- Ensure the current license and personality are uploaded.
FTP
FTP must be configured on both the BLUE and RED sides. Each side has its own management UI.
You can define several FTP servers in the Optical Diode UI to send files from BLUE to RED. To do so, follow the instructions below.
Go to the management UI and enter your username and password to log in.
Click the File Transfer link, select the FTP label and then click the Add FTP Share button.

Complete the following fields:
- FTP Channel: Assign a channel number. The FTP Channel Number must be the same on both BLUE and RED sides.
- User: Username for the FTP file transfer server.
- Password: Password for the FTP server.
- Server: Name or IP address of the FTP server.
- Share: Folder on the FTP server. The value can be a folder name or a ‘/’, depending on how you set up file sharing on the FTP server.
  - Optical Diode BLUE: Location on the BLUE zone server that contains the data to be transferred.
  - Optical Diode RED: Location on the RED zone server that will receive the transferred data.
- Description (optional): Description of the FTP transfer.
- Enabled: File transfer will be enabled if this checkbox is ticked.
- Delete Files on Share after Transfer: If this checkbox is ticked, files will be erased from the Share folder once the file transfer has been completed. This option is present only on the sending side.

After filling in the fields, click on the Submit button to save configuration.
SFTP
SFTP must be configured on both BLUE and RED sides. Each side has its own management UI.
You can define several SFTP servers in the Optical Diode UI to send files from BLUE to RED. To do so, follow the instructions below.
Go to the management UI and enter your username and password to log in.
Click the File Transfer link, select the SFTP label and then click the Add SFTP Share button.

Complete the following fields:
- SFTP Channel: Assign a channel number. The SFTP Channel Number must be the same on both BLUE and RED sides.
- User: Username for the SFTP file transfer server.
- Auth: Select Password, Private Key, Encrypted Private Key or NetWall Generated Keys, depending on the preferred authentication method.
- Password: Enter the password here, depending on the authentication method selected.
- Private Key: Enter the Private Key here, depending on the authentication method selected.
- Server: Name or IP address of the SFTP server.
- Port: The default port for SFTP file transfer is 22, but it can be changed by the user.
- Share Path: Folder on the SFTP server. The value can be a folder name or a ‘/’, depending on how you set up file sharing on the SFTP server.
  - Optical Diode BLUE: Location on the BLUE zone server that contains the data to be transferred.
  - Optical Diode RED: Location on the RED zone server that will receive the transferred data.
- Polling Time (sec): How often to poll the file share for new files (default: 10 secs, allowed values from 10 to 3600).
- Description (optional): Description of the SFTP transfer.
- Enabled: File transfer will be enabled if this checkbox is ticked.
- Delete Files on Share after Transfer: If this checkbox is ticked, files will be erased from the Share folder once the file transfer has been completed. This option is present only on the sending side.
The connection can be tested to check the configuration by pressing the Test button.

After filling in the fields, click on the Submit button to save configuration.
Windows File Share
Windows File Share (WFS) must be configured on both BLUE and RED sides. Each side has its own management UI.
Go to the management UI and enter your username and password to log in.
Click the File Transfer link, select the Windows Share label and then click Add Windows Share.

Complete the following:
- User: Username for the Windows File Sharing server.
- Password/Re-enter: Password for the Windows server.
- Server: Name or IP address of the Windows server.
- Share: Folder on Windows File Sharing. This value must be a folder name.
  - Optical Diode BLUE: Location on the BLUE zone server that contains the data to be transferred.
  - Optical Diode RED: Location on the RED zone server that will receive the transferred data.
- Description (optional): Description of the Windows Share transfer.
- Enabled: File transfer will be enabled if this checkbox is ticked.
The connection can be tested to validate the configuration by pressing the Test button.

After filling in the fields, click on the Submit button to save configuration.
Mixed File Transfers
The Optical Diode allows the user to configure mixed file transfers. For instance, a user can configure a WFS file share on the BLUE side and an FTP share on the RED side. The Optical Diode BLUE will take files from the Windows Share, transfer them to the Optical Diode RED, and the Optical Diode RED will then transfer the files to an FTP server configured on the RED side. To do that:
- Choose your preferred file transfer protocol for the BLUE side and configure it as previously indicated.
- Choose your preferred file transfer protocol for the RED side and configure it as previously indicated. The Channel Number must be the same on both BLUE and RED sides.
- Initiate your file transfer from the BLUE side and check that the files have been received on the RED side.
Historical Data
The Optical Diode keeps a record of the files transferred from BLUE to RED. To review the Historical data, click on the History tab within the File Transfer section.
Please note that File Transfer Historical Data is not stored in backups.

Once the data is loaded it can be filtered in several ways.
- Undelivered: Only shows undelivered transfers, that is, files that haven't been received by the RED side.
- Time filters: Daily, weekly and monthly filters can be applied. A date range can also be defined.
- Search box: Can be used to search for specific files by typing text.

Note that this information can be checked on both the BLUE and RED sides.
File Transfer Priority Configuration
Optical Diode can be configured for transferring files from BLUE to RED. If Optical Diode is doing many file transfers, the transfers can consume bandwidth and other resources to the point that it encroaches on TCP Stream performance.
Optical Diode provides a priority mechanism (High, Medium, Low) designed to limit the resources consumed by File Transfer. This throttling mechanism can lower the impact of large volume file transfers as well as compensate for a RED destination File Server that operates slower than the BLUE source File Server.

Digital Signature and Verification
How it Works
MetaDefender Optical Diode can be configured to apply a digital signature on a file and validate the signature when transferring files between two sites or domains. The feature requires the use of two Optical Diode devices, one at Site A and another at Site B. The Optical Diode can be configured to perform one of the following options:
- Signing an incoming file
- Verifying a signature of an incoming file
- None of these actions (default)
Workflow Description
- Obtain a private/public signing key pair from a Certificate Authority or use a self-generated pair (Private/Public Key: Advanced->Encryption->Digital Signature). The private key is installed on Optical Diode BLUE A, while the public key is installed on Optical Diode RED A, BLUE B and RED B.
- BLUE A copies a file from a source File Server and signs its hashed (SHA256) content using a Private Key from the Digital Signature store.
- The file, along with metadata containing the signature, is transferred from BLUE A to RED A. The hash and the signature are verified by RED A to ensure the data integrity of the file transfer.
- The signed file, along with metadata, is transferred from RED A over the untrusted network to BLUE B. To ensure confidentiality, mutual TLS is employed. BLUE B receives the file and verifies the hash and signature to check its integrity. The file is then transferred from BLUE B to RED B.
- RED B verifies the signature by using the public key imported under Digital Signature (Advanced -> Encryption -> Digital Signature).
- Files with valid digital signatures are delivered from RED B to the destination File Server.
- Rejected files are reported via syslog and discarded.
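The sign-then-verify chain in the workflow above, sketched with the OpenSSL command line as an added example (not MetaDefender Optical Diode code). The EC P-256 key type, the temporary directory, the file names and the `diode-demo` syslog tag are assumptions, and the payload is constructed.

```sh
#!/bin/sh
# Added illustration, not appliance code. Assumptions: EC P-256 keys, the temp
# directory, file names and the "diode-demo" syslog tag. Payload is constructed.
WORK=$(mktemp -d)

# Self-generated pair: signer.key stays on BLUE A; signer.pub is the part that
# would be imported on RED A, BLUE B and RED B.
make_signer_key() {
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
    -out "$WORK/signer.key" 2>/dev/null &&
    openssl pkey -in "$WORK/signer.key" -pubout -out "$WORK/signer.pub"
}

# BLUE A: sign the SHA-256 digest of the file; the signature travels as metadata.
sign_file() { # $1 = file
  openssl dgst -sha256 -sign "$WORK/signer.key" -out "$1.sig" "$1"
}

# Verifying hop: return 0 if the signature matches the content, otherwise
# report the rejection through syslog and discard the file.
verify_or_discard() { # $1 = hop name, $2 = file
  if openssl dgst -sha256 -verify "$WORK/signer.pub" \
    -signature "$2.sig" "$2" >/dev/null 2>&1; then
    return 0
  fi
  logger -t diode-demo "rejected at $1: $(basename "$2")" 2>/dev/null || true
  rm -f "$2" "$2.sig"
  return 1
}

# Walk a signed file through RED A, BLUE B and RED B. $2 names a hop before
# which one byte is appended, standing in for modification in transit.
# Prints "delivered" or the name of the hop that rejected the file.
relay() { # $1 = file, $2 = hop to tamper before ("" for none)
  for hop in "RED A" "BLUE B" "RED B"; do
    if [ "$hop" = "$2" ]; then printf 'x' >>"$1"; fi
    verify_or_discard "$hop" "$1" || { echo "$hop"; return 1; }
  done
  echo delivered
}

make_signer_key
printf 'constructed sample payload\n' >"$WORK/report.csv"
sign_file "$WORK/report.csv"
relay "$WORK/report.csv" ""                 # untouched file passes every hop
relay "$WORK/report.csv" "BLUE B" || true   # altered after RED A, caught at BLUE B
```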
Configuration
BLUE A - Create/Export Signer Key
- On BLUE A, navigate to the Advanced>Encryption>Digital Signature menu.
- Select "Create Digital Signature Signer Key" or "Import Signer Key".
- Assign a Friendly Name for "Create Digital Signature Signer Key".

- Select the Signer Key just created or imported.
- Export the Signer Key (Public Key) to the Desktop or a directory.

Signer Key (Public Key) must be imported on RED A, BLUE B and RED B.
BLUE A - Configure File Transfer
- Navigate to: File Transfer and select File Transfer method (FTP, SFTP or Windows File Share).
- Configure File Transfer channel as per instructions in previous FTP, SFTP or Windows File Share section.
- Select previously created or imported Signer Key.

RED A - Create Digital Signature Forwarder
- Navigate to File Transfer and select the Digital Signature Forwarder tab.
- Select Add Forwarder.
- Fill in the fields:
  - Channel Number: Must match the Channel Number assigned on BLUE A.
  - Port: Port defined on BLUE B.
  - Destination IP/Hostname: Destination IP Address or Hostname on BLUE B.
  - Certificate: Select a Certificate to be used for Digital Signature. Certificates are found in Advanced > Encryption > SSL/TLS Credentials.
  - Digital Signature: Select a Digital Signature for the Forwarder. Digital Signatures are found in Advanced > Encryption > Digital Signature.
  - Description: Friendly name.

BLUE B - Create Digital Signature Receiver
On BLUE B navigate to File Transfer>Digital Signature Receiver and select Action Item "Add Receiver" and fill in the following:
- Channel: Select the assigned channel number. The assigned channel on BLUE B does not have to match the assigned channel on BLUE A and RED A.
- Bind IP Address: Select an IP Address in Advanced>Networking>IP Addresses
- Port: Listening port
- Certificate: Select a certificate in Advanced>Encryption>SSL/TLS Certificates
- Digital Signature: Select Digital Signature in Advanced>Encryption>Digital Signature
- Description: Friendly description

BLUE B - Export Credentials to RED A
- Navigate to Advanced > Encryption > SSL/TLS Credentials.
- Select Credentials.
- Select Export Credentials and save to the Desktop or a directory.

RED A - Import BLUE B Credentials
- Navigate to Advanced > Encryption > SSL/TLS Credentials.
- Select Action Item Import Keypair.
- Import the BLUE B Credentials from the Desktop or a directory.

Repeat the export/import process in the opposite direction: export the RED A credentials and import them on BLUE B.
RED B - Configure File Transfer
- Navigate to: File Transfer and select File Transfer method (FTP, SFTP or Windows File Share).
- Configure File Transfer channel as per instructions in previous FTP, SFTP or Windows File Share section.
- Select Digital Signature from Digital Signatures in Advanced > Encryption > Digital Signature
The Channel number must be the same on BLUE B and RED B.
The Digital Signature must be the same on BLUE A/RED A and BLUE B/RED B.

