I need a free or inexpensive proxy server to connect a satellite facility to the main location, that allows SFTP traffic.

Posted on 2014-08-20
Last Modified: 2014-09-12
I have a satellite facility connected to the main location by MPLS.  They use a proxy located in the main facility to get to the internet.
We are implementing a new scanning solution that transfers the scans via sftp to an offsite vendor.
The solution works great from the main location, but fails from the satellite.
Out existing proxy is Microsoft ISA Server 2004, which is old, I know.
I am not an expert in this topic, but I am the one that has to take care of.
I cannot redesign the entire network.  We have certain things dictated by our parent company!

Any advice would be appreciated,
Question by:RSchalhoub
    LVL 41

    Expert Comment

    Does all traffic from the satellite office go through the main office and the ISA 2004 server? If that is the case then you need to configure the ISA 2004 server to allow traffic from the remote office to the SFTP server over TCP port 22.

    Isn't anyone worried that the software securing your network is 10 years old and that support, including security updates end either in October 2014 (ISA 2004 Standard SP3) or April 2015 (ISA 2004 Enterprise SP3)?
    LVL 40

    Expert Comment

    by:Jackie Man

    Author Comment

    We do not use the ISA Server for security necessarily.  It is basically just to proxy web traffic from other office.
    We have a security infrastructure supplied and supported by our parent company
    I am going replace this proxy, which brings me to my question here.

    I have been told SFTP

    LVL 18

    Accepted Solution

    Zentyal server is free and uses linux squid proxy. Very robust and versatile.
    LVL 40

    Expert Comment

    by:Jackie Man
    You need to create a custom protocol definition for the FTPS as shown info in the link below.
    LVL 32

    Expert Comment

    Just my 2 cents:

    sftp and ftps are not the same thing.

    sftp is really an implementation of ssh, and it does not work well with proxies, particularly so with ISA.
    If you can, reconfigure your settings to not route sftp thru ISA.  
    Otherwise, use an upload buffer:  place a server in your DMZ ,  upload to it from your application in a supported way, and have a scheduled job that uploads via sftp to the offsite vendor.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    Suggested Solutions

    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now