Security Recommendations for the FileXpress Gateway Proxy

Use the following precautions to help ensure security on the FileXpress Proxy (the system running the FileXpress Secure Shell Proxy and the FileXpress Transfer Server).

  • Do not join the server to a Windows domain.
  • Do not run non-essential services on the server that might provide user access, such as Telnet servers, FTP servers, and SQL servers.
  • In the FileXpress SSH Proxy Server console:
    • On the FileXpress Users pane, leave Allow server access to FileXpress users only and Restrict FileXpress users to file transfer sessions selected. These default settings help minimize external user access to your system.
    • Change the user access account to an account with more limited privileges than the default service account.
    • Disable port forwarding for all users. To do this, clear both port forwarding options on the Permissions pane under Tunneling.
  • Configure firewalls that limit access to ports on your servers.