Step 2: Install Client-Side SSTP Tunnel on a MOVEit Transfer Server

1. Sign in to the MOVEit Transfer server with administrator credentials.
2. Go to the Customer Portal and download the installer for Ipswitch Gateway for MOVEit Transfer.
3. Open the Ipswitch Gateway installer and click Run to run the install wizard.
4. Step 2: Install a client side SSTP Tunnel on your existing MOVEit Transfer server is preselected. Click Next.
5. System Check: The installer verifies that you have Administrator Privileges. Click Next.
6. Options: Connect SSTP tunnel to Gateway Server. Enter the Gateway Server Address or hostname to establish a connection.

   Important: What you enter here must be identical to what you entered for IP address or hostname Step 1: Options: Gateway Configuration Interface > System-generated self-signed certificate > Certificate Name.

   Click Next.

7. Options: SSTP Tunnel Credentials: Enter the SSTP Tunnel Credentials that you wrote down at the end of Step 1. An account will be created that will run the SSTP tunnel. Click Next.
8. Enter the credentials for an existing local Windows account. This account will be used to initiate and monitor the SSTP tunnel
9. If the SSTP certificate does not exist on the client-side machine, you must choose to either trust and import the SSTP certificate from the Ipswitch Gateway Tunnel, or not trust and not import it:
   • I trust this certificate. Import this certificate into the local trusted certificate store: Automatically imports and trusts the SSTP certificate.
   • I do not trust this certificate. Do not import this certificate: Does not import the SSTP certificate. You must import the certificate manually. (This option is not often used. Situations where you might select this option include importing the certificate manually to avoid the software from importing a certificate from a man-in-the middle attack, or changing certificates after installation.)
10. Ready to Install: Verify the installation setup, and then click Install.

    After a few moments, installation is complete.

11. Click Finish.

Next, you may need to manually start the VPN tunnel connection.

1. On the MOVEit Transfer server, open Administrator Tools > Task Manager.
2. Select Task Scheduler Library in the left panel.
3. Right-click the task named Ipswitch Gateway Tunnel connect and select Run. This will attempt to start the tunnel connection.

Important: Do NOT connect manually through the Network and Sharing Center or the connection will drop when the user logs out.

Next, you must disable IP lockouts on the MOVEit Transfer server, otherwise hacking attempts done through Ipswitch Gateway may cause the Gateway's IP address to be locked out, thus blocking all Gateway traffic. Disabling IP lockouts is more efficient than the alternative of adding the Gateway to the list of Trusted Hosts for each organization.

1. On the MOVEit Transfer server, go to Settings > System > Remote Access > IP Lockout Policy.
2. For Enable IP Lockout choose No.
3. Click Change Lockout Policy.

Next, go to Step 3.