Configuring webMethods.io MFT Settings

Learn to configure listener preferences, audit settings, and webMethods.io MFT to send emails.

Features in webMethods.io MFT Settings

Throttling

Throttling enables you to control the speed of file transfers. By imposing such a restriction on bandwidth, you help prevent a situation where your organization’s entire bandwidth is used for file transfers. You can specify the following options:

Restrictions for Files

You can restrict particular operations for files that match a specified pattern. You can set the following server restrictions:

SSL Ciphers

Ciphers are algorithms that are used to encrypt or decrypt data. You can specify the SSL ciphers that webMethods.io MFT will apply to all SSL listeners associated with a server instance.

File-based Encryption and Decryption

File-based encryption and decryption enables you to encrypt files before you store them on your drive. Encrypted files are decrypted when they are transferred back through webMethods.io MFT using the same key that was used to encrypt them.

webMethods.io MFT encrypts and decrypts files instream rather than after the file is fully transferred.

When encryption and decryption keys are configured at multiple levels (user, server, and folder), webMethods.io MFT enforces the following order of preference:

  1. Users

  2. Folders

  3. Servers

For example, if user A accesses port 10 and uploads a file in a VFS MN, then webMethods.io MFT checks if the encryption or decryption key is available for user A. If no key is available at the user level, then webMethods.io MFT checks for the folder settings for a key. If no key is present at the VFS level, then webMethods.io MFT checks the server level settings for the key.

Configuring Listener Preferences

You can configure global settings for all listeners. These settings are applicable for all listeners associated with webMethods.io MFT.

  1. On the navigation pane, select Settings > Listener preferences.
  2. On the Listener preferences page, from the Instance list, select webMethods.io MFT instance.
  3. You can specify the following settings:

    Field Description
    Throttling
    Maximum simultaneous user connections Type the maximum number of client connections allowed for the server at any given time.
    Maximum outgoing speed (Kb/sec) Type the maximum allowable speed in kilobytes per second for outbound transfers across all listeners.
    Maximum incoming speed (Kb/sec) Type the maximum allowable speed in kilobytes per second for inbound transfers across all listeners.
    Active time window Select the required days of a week you want the server to be available to the user.
    File name filters You can configure the file name filters to allow or deny commands (Upload, Download, List, Rename) for files that match a specified pattern. For example, you can restrict a user from uploading files that end with “.exe”.
    - When you configure the file name filters for Listener Preferences and Users, the User file name filer configuration overrides the Listener Preferences configuration.
    - The file name filter is applied on the filename received by the server. For example, if a .pdf file is uploaded after changing the file extension to .txt, then webMethods.io MFT considers it as a .txt file when applying the filters.
    Patterns Click to add one or more patterns to restrict particular operation for certain files, and specify the following details:

    • Command: Select a operation to restrict ( List, Upload, Download or Rename) from the list.
    • Filter type: Select a filter type (Starts with, Ends with, or Contains) from the list.
    • File name: Type a portion of the file name that the Filter type criterion should evaluate (for example, “exe”).

    Note: Any characters except wildcard characters or regular expressions are permitted.
    Block paths matching these patterns Click to restrict access to specific folders and subfolders in the file system, and specify the following:

    • Pattern: Type the file system path you want to block. Regular expressions or wildcards characters are permitted.

    Tip: You can use simple pattern matching by preceding the pattern with the tilde (~) character. For example, to deny user access to the folder /system/bin, you would type: ~/system/bin/*
    Cache invalid user names for (sec) Type the number of seconds to hold the name of invalid users in the cache temporarily.
    The temporary caching of invalid user names is useful for blocking robots that make repeated attempts to discover valid user credentials. As a robot scans webMethods.io MFT during the user validation process, this option blocks subsequent login attempts made using an invalid user name for the specified number of seconds. If the user name is valid, the webMethods.io MFT ignores this setting.
    Slow down hack attempt scans Select this option to incrementally slow down responses to a client that appears to be a robot scanning for writable directories on your server by way of an FTP connection.
    This setting doubles the server’s response time for each subsequent response to the client, thereby rendering such robots less effective. Selecting this option does not result in any extra load on the CPU.
    SSL
    Activate Select this option to activate SSL encryption.
    Keystore alias Browse the required certificate alias for keystore.
    Manage ciphers Click and select the required ciphers from the list.
    To list the ciphers in a particular order:

    1. Click .
    2. In the Order ciphers dialog box, select a cipher and do one of the following:
      • Click to move the cipher up.
      • Click to move the cipher down.
    3. Click Ok.

    Note: If you reorder the ciphers for an SSL listener, then restart that respective SSL listener or all the SSL listeners for the change to take effect across all the SSL listeners.
    Note: Select the Prefer cipher list order on server option to force the order of the ciphers as listed on the server.
    File-based encryption
    Activate Select this option to activate file-based encryption.
    Public PGP key alias Type or browse the certificate alias for the public PGP key.
    File-based decryption
    Activate Select this option to activate file-based decryption.
    Private PGP key alias Type or browse the certificate alias for the private PGP key.
    Protocol options
    Welcome message Type a welcome message for display in the client console (example, webMethods.io MFT web client, FileZilla client, and so on) when a user logs in.
    Download in binary Select this option to download files only in binary mode. This prevents webMethods.io MFT from altering the line endings of the ASCII text files even if the FTP client requests it.
    Upload in binary Select this option to upload files only in binary mode.
    Allow extended passive and port commands Select this option to allow extended passive and port commands such as, Extended Passive Mode (EPSV) and Extended Data Port (EPRT). This ensures compatibility between the client and server.

    Note: Before you enable this option, ensure that your client supports these commands.
    Disable MTDM notifications Select this option to prevent users from changing modified times on uploaded files.
    Delete partial uploads Select this option to delete any incomplete uploads.
    ZIP compression level You can set the ZIP compression level according to your needs for file size and data transfer speed. Select one of the following options:
    • None: No compression. Results in the largest file size of the three options, with the longest transfer time.
    • Fast: Fastest compression. Performs little compression, but compression time is the fastest of the three options.
    • Best: Maximum compression. Provides the smallest file size possible after compression, with the shortest transfer time, but requires more time to perform the compression than the other two options.
    • Click Save.

    The server instance is updated with the global settings.

    Configuring Audit Settings

    You can configure logs to be recorded for all or specific webMethods.io MFT assets through audit settings.

    To configure audit settings

    1. On the navigation pane, select Settings > Audit Settings.
    2. On the Audit Settings page, select the Enable audit logs option, and select either all or specific assets for which you want logs to be recorded. You must at least select one asset if you enable this option.
    3. Note: By default, the audit logs are disabled.

    4. Click Save.
    5. The logs for the selected assets are audited and appear in the Audit log page.

    Configuring webMethods.io MFT to Send Emails

    Configure webMethods.io MFT to send emails in the following scenarios:

    Configuring Default Email Settings in the User Interface

    To configure the default email settings in the user interface (UI)

    1. On the navigation pane, go to Settings > General Settings.
    2. In User email settings, check Activate email alerts for user creation/update option.
    3. Specify the email details in User email settings. The following table lists the supported email fields:

      Field Description
      From Send email on behalf of the user.
      Subject Subject of the email.
      Template for user email Email template for the user creation alert.
      You can configure the following server variables in your user email template:
      • {firstName}: First name of the user.
      • {lastName}: Last name of the user.
      • {username}: User ID for the user.
      • {password}: Password for the user.
      • {serverList}: Listener URLs for the user.
      Template for password email Email template for the password creation alert.
      You can configure the following server variables in your password email template:
      • {firstName}: First name of the user.
      • {lastName}: Last name of the user.
      • {password}: Password for the user.
      Template for password reset Email template for the password reset alert.
      You can configure the following server variables in your password reset email template:
      • {firstName}: First name of the user.
      • {lastName}: Last name of the user.
      • {passwordResetLink}: Link for resetting the password.
      • {expiryTimeStamp}: Time of expiry for the password reset link.
    4. Click Save.

    Note:

    Disabling Email Alerts

    Note: You must be an administrator to disable the email alerts.

    To disable the automatic email alerts when you create a new user or update a user password

    1. On the navigation pane, go to Settings > General Settings.
    2. In User email settings, clear the Activate email alerts for user creation/update checkbox.
    3. Click Ok.