Frequently asked Questions

The following Sterling Secure Proxy frequently asked questions and answers provide you general and frequently used or required installation, configuration, and replication-related information.

IBM Sterling Secure Proxy

IBM Sterling Secure Proxy (SSP) helps shield your trusted network by preventing direct connectivity between external partners and internal servers. It can secure your network and data exchanges at the network edge to enable trusted business-to-business transactions and Managed file transfer (MFT) file exchanges. As a demilitarized zone (DMZ)-based proxy, Sterling Secure Proxy uses multi-factor authentication, SSL session breaks, the closing of inbound firewall holes, protocol inspection, and other controls to ensure the security of your trusted zone.

Read the following Sterling Secure Proxy frequently asked questions and answers.

Sterling Secure Proxy and Sterling External Authentication Server

Sterling Secure Proxy 6.0.x series and Sterling External Authentication Server 6.0.x series deliver features and enhancements that improve security for your organization’s MFT file exchanges and provide containers to simplify hybrid cloud deployments.

Certified containers. Take advantage of certified containers to simplify the deployment of Sterling Secure Proxy and Sterling External Authentication Server on hybrid cloud infrastructures. Sterling Secure Proxy certified containers are built to Kubernetes standards and qualified on the Red Hat OpenShift Container Platform.

Sterling Secure Proxy can be used as a proxy with Sterling File Gateway and other HTTP applications and supports a single sign-on connection. Single sign-on (SSO) provides access control that allows a user to log in once to Sterling Secure Proxy, using the HTTP protocol, and then gain access to Sterling File Gateway without logging in again. SSO bypasses normal user authentication in Sterling File Gateway and trusts that Sterling Secure Proxy has authenticated the user.

After you set up the basic single sign-on configuration, trading partners can communicate in a secure environment that provides authentication. The trading partner first connects to Sterling Secure Proxy which then connects to Sterling File Gateway on behalf of the trading partner.


Now, support to preserve the client source IP has been extended. For more information, refer to Configuring- Understanding values.YAML.

The components of the Secure Proxy architecture are:

  • Secure Proxy Engine—the engine resides in the DMZ and contains the minimum components necessary to manage communications sessions. The engine configuration (Secure Proxy engine properties) is created at Configuration Manager and pushed to the engine. It is stored in active memory and is never stored on a disk in the DMZ. No web services or UI ports are open in the DMZ.
  • Configuration Manager (Secure Proxy CM)—Configuration Manager is installed in the trusted zone. Use this tool to configure your environment. When you save a configuration definition (Secure Proxy configuration store) at CM, it is pushed to an engine, using an SSL session. Configuration files are encrypted and stored on the computer where CM is installed.

Before you install Sterling Secure Proxy, review the system requirements. Confirm that your system meets all requirements. Follow the procedures to install or upgrade Sterling Secure Proxy.

Verify your installation by starting CM and the engine, and ensuring that they can communicate.

  • The IP and port number to listen on for connections from Configuration Manager
  • SSL key certificate, trusted certificate, and encryption cipher used for the connection from Configuration Manager.

Secure Proxy configuration store is the file is encrypted on disk and contains the following information:

    • The user store with information on user credentials
    • The system certificate store with the certificates used for SSL/TLS sessions
    • The key store with the SSH keys
    • The engine configuration store with all configuration information for the engine.

There are 3 components of IBM Sterling Secure Proxy (SSP Engine (SSP), SSP Configuration Manager (SSPcm), and Perimeter Server (PS)). SSP can also make use of the IBM Sterling External Authentication Server (SEAS).

Latest releases of IBM Sterling Secure Proxy 6.0.x and IBM Sterling External Authentication Server 6.0.x

These Versions release the new features,