Step 1: Install Gateway Server and Server-Side SSTP Tunnel

Before you proceed, make sure the MOVEit Transfer server is installed and running.

1. On a separate machine from MOVEit Transfer, sign in with administrator credentials.
2. Go to the Customer Portal and download the installer for Ipswitch Gateway 2018 for MOVEit Transfer.
3. Open the Ipswitch Gateway installer and click Run to run the install wizard.
4. Welcome: Select Step 1: Install a Gateway server (outside firewall) and a server side SSTP tunnel. Click Next. The installer looks for prerequisite software.
5. System Check: The installer verifies the following:
   • Operating System Version: The machine must be running the Windows Server 2012R2 or Server 2016 operating system
   • Routing and Remote Access Service: A Windows server is required to properly configure the the Routing and Remote Access (RRAS) service. Workstations are not supported.
   • Routing and Remote Access - IIS: If IIS is installed and enabled, the IIS service will be disabled to avoid configuration conflicts with the Remote Access service and VPN. If not, the necessary components of Microsoft Internet Information Services (IIS) will be installed.
   • Administrator privileges

   Click Next.

6. Options: Ipswitch Gateway Folder: Select a location to install the Ipswitch Gateway server files, and then click Next.
7. Options: Gateway Configuration Interface. Designate a certificate to use as the identity of the Gateway Configuration interface. This certificate will be presented to Gateway administrators accessing the administrative user interface via a browser.
   • X.509 (*.pfx or *.p12) certificate from your computer (recommended): Browse to locate the SSL *.pfx or *.p12 file. Since in many cases the hostname of the Gateway server will be the hostname previously assigned to a MOVEit Transfer server, you may wish to use the certificate already installed on your MOVEit Transfer server. If you need to create a *.pfx or *.p12 file from your MOVEit Transfer server, see Create a *.pfx or *.p12 File. Enter the Certificate password in the space provided.
   • System-generated self-signed certificate: By default, the installer populates the Certificate Name field with Ipswitch Gateway (Demo). In most cases, you will simply accept the proposed value and continue. The Certificate Name value is used to populate the CN parameter in the *.pfx or *.p12 file.

   Choose the network interface and port to listen on:

   • Network Interface: Select a network interface (IP address) from the drop-down list. In most cases, you will want the Gateway to listen on All Interfaces.
   • Port: Enter the TCP port to which Gateway administrators will connect with a browser, to administer Ipswitch Gateway. It is recommended that you accept the default of 9443. When configuring the TCP port for the administrative interface, do not choose a port number that is likely to already be in use by the system, such as 10043. The default, 9443, is a good choice for most systems.

   Click Next.

8. Options: Service User Account: Designate which account Ipswitch Gateway should use to run the Gateway service process:
   • Local System account
   • Different account: Enter the username and password of the different account.

   Click Next.

9. Options: Certificate for the SSTP Tunnel: Designate a certificate to use for the Secure Socket Tunnel Protocol (SSTP) connection:
   • System-generated self-signed certificate: For Certificate Name, enter the IP address or hostname that will be used to connect to this machine from the MOVEit Transfer server.
   • Certificate from the certificate manager: Select an existing certificate from the drop-down list. Public keys will not be shown here. Optionally click View Details to see detailed information about that certificate, in case you need to distinguish between certificates with the same name.

   Click Next.

10. Options: SSTP Tunnel Credentials: Enter a password for the GatewayVPNUser account that will run the SSTP tunnel. If the account does not exist, a new account will be created using these credentials.

    Important: Write down these credentials. You will need them in subsequent steps.

    Click Next.

11. Options: Gateway Server Hostname: Enter a fully-qualified domain name of the Gateway machine. This is used to create HTTP redirects and is currently used only for client certificate authentication. This hostname should be visible to web browsers accessing the Gateway system. You can edit the name later if required. Doing so will restart all running HTTP proxies.
12. Ready to Install: Verify the installation setup, and then click Install.

    After a few moments, the installation is complete.

13. Click Finish.

    Note: Your web browser may attempt to open the Gateway Configuration Interface at this point. You will return to the Gateway Configuration Interface after Step 2.

    Note: When you see the Enable Windows Firewall, ignore it for now. You will configure the firewall in Step 4.

Proceed to Step 2.