Skip to content

Third-Party Load Balancer

Post any question you may have in regards to GoAnywhere MFT and let our talented support staff and other users assist you.
If you need a quicker response, please create a support ticket via the customer portal or contact our support team by email at [email protected].
  • LBVBW Offline
  • Posts: 1
  • Joined: Thu Oct 01, 2015 5:54 am

Third-Party Load Balancer

Post by LBVBW »

We have some questions to GoAnywhere MFT related with a third-party Load Balancer.
But first of all our entire configuration: We use two MFT-Server in connection with two Gateway-Server. In front of the Gateway-Server we use a F5 Load Balancer. The Load Balancer has two different things to do. SSL offloading (HTTPS to HTTP) and of course load balancing (HTTPS and SFTP).

1. The SSL offloading only works, if we change the tomcat settings (install folder/config/https.xml) to:

Code: Select all

<Connector SSLEnabled="false" disableUploadTimeout="true" enableLookups="false" gaRedi-rect="false" name="Internet" port="80" protocol="HTTP/1.1" proxyPort="443" scheme="https" secure="true"/>
Is there another way to enable this settings (scheme and secure)?

2. Is it possible to use the X-Forwarded-For header in GoAnyhwere MFT? And is there an analog possibility for SFTP? Because currently we only see the remote IP Address which is every time the same (the IP of the Load Balancer)

3. Do you have a documentation for using a third-party Load Balancer in front of the Gateway-Server?

Thanks in advance for the help
  • Support_Rick Offline
  • Support Specialist
  • Posts: 590
  • Joined: Tue Jul 17, 2012 2:12 pm
  • Location: Phoenix, AZ
  • Contact:

Re: Third-Party Load Balancer

Post by Support_Rick »


Your best option here is to load the certificates into GoAnywhere and let the product handle the encryptions. It does this seamlessly through the program.

I assume you're trying to pass the originating details through the X-Forwarded-For header ... if so, this isn't recognized within GAMFT.

The issue is that you have to have the F5 forward the Originating IP. Normally this is done by SNAT using an iRule.

Normally, we do not provide support for front-end Load Balancers as the product allows for each customer to utilize VIP, LB, Firewalls, etc to route the communication traffic to the Gateway and/or the GAMFT directly. This is all determined by the Customer Installation and their network architecture. We have customers using F5 as well as Netscaler and others that they configured to pass-thru the originating IP, but we do not provide support for those configurations as they could affect other areas besides GAMFT.
Rick Elliott
Lead Solutions Consultant
(402) 944.4242
(800) 949-4696
  • ejknight52 Offline
  • Posts: 1
  • Joined: Mon Jan 20, 2020 2:35 pm

Re: Third-Party Load Balancer

Post by ejknight52 »

We found the fix to be SSL Forwarding to the Servers through the F5.
Post Reply