Step 1: Install Gateway Server and Server-Side SSTP Tunnel

Before you proceed, make sure the MOVEit Transfer server is installed and running.

1. On a separate machine from MOVEit Transfer, sign in with administrator credentials.
2. Go to the Customer Portal and download the installer for Ipswitch Gateway 2017 SP1 for MOVEit Transfer.
3. Open the Ipswitch Gateway installer and click Run to run the install wizard.
4. Welcome: Select Step 1: Install a Gateway server (outside firewall) and a server side SSTP tunnel. Click Next. The installer looks for prerequisite software.
5. System Check: The installer verifies the following:
   • Operating System Version: The machine must be running the Windows Server 2012 R2 operating system
   • Routing and Remote Access Service: A Windows server is required to properly configure the the Routing and Remote Access (RRAS) service. Workstations are not supported.
   • Routing and Remote Access - IIS: If IIS is installed and enabled, the IIS service will be disabled to avoid configuration conflicts with the Remote Access service and VPN. If not, the necessary components of Microsoft Internet Information Services (IIS) will be installed.
   • Administrator privileges

   Click Next.

6. Options: Ipswitch Gateway Folder: Select a location to install the Ipswitch Gateway server files, and then click Next.
7. Options: Gateway Configuration Interface. Designate a certificate to use as the identity of the Gateway Configuration interface:
   • X.509 (*.pfx or *.p12) certificate from your computer (recommended): Browse to locate the SSL *.pfx or *.p12 file. If you need to create a *.pfx or *.p12 file for your MOVEit Transfer server, see Create a *.pfx or *.p12 File. Enter the Certificate password in the space provided.
   • System-generated self-signed certificate: By default, the installer populates the Certificate Name field with the machine name of the Gateway Server. In most cases, you will simply accept the proposed value and continue. The Certificate Name value is used to populate the CN parameter in the *.pfx or *.p12 file.

   Choose the network interface and port to listen on:

   • Network Interface: Select a MOVEit Transfer Endpoint from the drop-down list
   • Port: Enter the port for the MOVEit Transfer Endpoint

   Click Next.

8. Options: Service User Account: Designate which account Ipswitch Gateway should use to run the Gateway service process:
   • Local System account
   • Different account: Enter the username and password of the different account.

   Click Next.

9. Options: Certificate for the SSTP Tunnel: Designate a certificate to use for the Secure Socket Tunnel Protocol (SSTP) Server:
   • System-generated self-signed certificate: For Certificate Name, enter the IP address or hostname that will be used to connect to this machine from the MOVEit Transfer server.
   • Certificate from the certificate manager: Select an existing certificate from the drop-down list. Public keys will not be shown here. Optionally click View Details to see detailed information about that certificate, in case you need to distinguish between certificates with the same name..

   Click Next.

10. Options: SSTP Tunnel Credentials: Enter a Username and Password for the account that will run the SSTP tunnel. If the account does not exist, a new account will be created using these credentials. GatewayVPNUser is a sample Username.

    Important: Write down these credentials. You will need them in subsequent steps.

    Click Next.

11. Ready to Install: Verify the installation setup, and then click Install.

    After a few moments, the installation is complete.

12. Click Finish.

    Note: Your web browser may attempt to open the Gateway Configuration Interface at this point. You will return to the Gateway Configuration Interface after Step 2.

    Note: When you see the Enable Windows Firewall, ignore it for now. You will configure the firewall in Step 4.

Proceed to Step 2.