This article goes over the Firewall inbound rules for SFTP Gateway.
SFTP runs on port 22, which is open to the world.
You can restrict IP address ranges on a per-user basis from within the web admin portal.
The SSH protocol (port 2222) and the web admin portal (443) should be restricted to System Administrators.
SFTP Gateway exposes the following ports and protocols:
The SFTP protocol runs on TCP port 22. By default, this is open to the world.
Within the web admin portal, you can restrict IP address ranges on a per-user basis.
The SSH protocol has been moved to TCP port 2222. (Remember to specify the port number when connecting via SSH.) This port should be restricted to SysAdmins.
443 are used for the Web Admin Portal.
It's important to restrict these ports to SysAdmins as well, because the Web Admin Portal
lets you create an admin account on first launch.
Here's a table of the various ports and protocols.
When creating a VM instance you have the option of adding network tags, under the
These tags are linked to firewall rules that you have created and when adding the tag on a VM it will then have the specific firewall rule you have created in the
Creating the Firewall
As referenced earlier in the article, SFTP Gateway exposes the following ports,
Thus we will tailor the firewall to meet these requirements.
VPC Network select Firewall, then from there go to "Create a firewall rule" seen at the top of the page.
The name of the firewall rule allows lowercase letters, numbers and hyphens.
You have the ability to turn on firewall logging and to configure which network and priority you want for the firewall rule.
You can also choose the direction of traffic and the action to take on matching traffic (allow or deny).
When creating a firewall rule you must select a target, such as a VM instance or a service account from the same or a separate project.
There is a source filter which allows you to choose between IPv4, IPv6, source tags and a service account. Since I have selected IPv4, I am able to enter IPv4 ranges, such as your IP address or other IPv4 addresses you want to let through the firewall.
You are also able to specify which ports and protocols the firewall rule applies to, and for SFTP Gateway select tcp and ports
Once you have configured the firewall rule to your liking you can create it.
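The console steps above can also be expressed with the gcloud CLI. The following is an added example, not part of the original article: it prints one `gcloud compute firewall-rules create` command per port described earlier (22, 2222, 443) and refuses to open the admin ports to the world. The network `default`, the tag `sftpgw`, the rule names and the admin range `203.0.113.0/24` are assumptions.

```shell
#!/bin/sh
# Added example: ingress rules for the ports this article describes.
# Assumptions (not from the article): network "default", network tag
# "sftpgw", the rule names, and the admin range 203.0.113.0/24
# (a documentation-only range; replace with your SysAdmin range).
NETWORK="${NETWORK:-default}"
TAG="${TAG:-sftpgw}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"

# Print one firewall-rule command. Only port 22 (SFTP) may be open to the
# world; any other port must name an explicit, narrower source range.
rule_cmd() {
  local name="$1" port="$2" src="$3"
  if [ "$port" != "22" ]; then
    case "$src" in
      0.0.0.0/0|::/0|"")
        echo "refusing: tcp:$port must be limited to SysAdmin ranges" >&2
        return 1 ;;
    esac
  fi
  printf 'gcloud compute firewall-rules create %s --network=%s --direction=INGRESS --action=ALLOW --rules=tcp:%s --source-ranges=%s --target-tags=%s --enable-logging\n' \
    "$name" "$NETWORK" "$port" "$src" "$TAG"
}

# The full rule set; a refusal on any rule fails the whole set.
all_rules() {
  rule_cmd sftpgw-allow-sftp 22 0.0.0.0/0 &&
  rule_cmd sftpgw-allow-ssh-admin 2222 "$ADMIN_CIDR" &&
  rule_cmd sftpgw-allow-web-admin 443 "$ADMIN_CIDR"
}

# Dry run by default: print the commands for review.
# Set APPLY=1 to execute them (requires an authenticated gcloud).
cmds="$(all_rules)" || exit 1
if [ "${APPLY:-0}" = "1" ]; then
  printf '%s\n' "$cmds" | sh -e
else
  printf '%s\n' "$cmds"
fi
```

Attach the same tag to the VM instance so the rules apply to it.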
Here is an example of what it would look like when creating your VM instance: