Fault symptom: The portal template used for user authentication on the USG6310 failed to load from eSight.
The USG6310 devices are connected to eSight through an IPsec tunnel established with a USG6600, used only for management traffic.
The IPsec tunnel is established by using a Loopback interface on the USG6310.
The command file download sftp was included in a template created on eSight, to be run remotely on all the USGs in order to download the portal template files. The command ran without problems; however, the files were not downloaded.
The version of eSight is V200R005C00SPC506
The version of USG6310 is V100R001C20SPC700
To allow eSight to upload the portal templates to the USG, follow this procedure:
1. Configure the whitelist of the eSight FTP server
Path of the FTP configuration file: opt\eSight\AppBase\sysagent\etc\sysconf\svcbase\med_node_1_svc.xml
Find the SFTP entry at the bottom of the configuration items, as shown in the screenshot (look for <config name="SFTP").
Under the permitFileType attribute, add the file type suffixes that need to be allowed:
To transfer HTML files, append [hH][tT][mM][lL], using "|" as the separator;
To transfer PNG files, append [pP][nN][gG], using "|" as the separator.
Save the file, then restart eSight.
2. Upload the portal files to the eSight FTP server
eSight FTP server directory: eSight\AppBase\var\iemp\data\ftp
Upload all the portal files to: eSight\AppBase\var\iemp\data\ftp\portal
3. Log in to eSight Network, use smart configuration to create a command template, and distribute it to the device
The command format is as follows:
(Enter command-line mode)
file download sftp *.*.*.* admin Changeme123 portal/*.html
(*.*.*.* is the eSight server IP address, admin should be replaced with the user name and Changeme123 with the password, and *.html is the portal page file)
file download sftp *.*.*.* admin Changeme123 portal/*.png
(*.*.*.* is the eSight server IP address, admin should be replaced with the user name and Changeme123 with the password, and *.png is the portal-related picture file)
On the USG6310, create a NAT policy so that all traffic destined for eSight uses the Loopback interface as its source and therefore enters the VPN tunnel. See the attached configuration example.
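A pre-flight check for step 1, added here as an example and not taken from eSight or Huawei: it tests the names of the files placed in the portal directory against a permitFileType-style value before the command template is pushed. The value shown is constructed from the two suffix entries above; matching each entry against the whole suffix is an assumption about how eSight evaluates the attribute, and the file names are constructed samples.

```python
import re
from pathlib import PurePath

# Constructed value: only the html and png entries come from the procedure
# above; the real attribute in med_node_1_svc.xml lists other types as well.
PERMIT_FILE_TYPE = "[hH][tT][mM][lL]|[pP][nN][gG]"

# Constructed sample of what might sit in ...\data\ftp\portal
SAMPLE_FILES = ["index.html", "LOGIN.HTML", "logo.png", "style.css", "README"]


def build_matcher(permit_file_type):
    """Compile the '|'-separated suffix entries into one regex."""
    entries = [e.strip() for e in permit_file_type.split("|") if e.strip()]
    for entry in entries:
        re.compile(entry)  # raises re.error on an unbalanced entry like "[pP][nN"
    return re.compile("(?:%s)" % "|".join(entries))


def split_by_whitelist(filenames, permit_file_type=PERMIT_FILE_TYPE):
    """Return (allowed, rejected) file names for the given whitelist value.

    Assumption: the server compares each entry with the whole suffix
    (the text after the last dot), so fullmatch() is used.
    """
    matcher = build_matcher(permit_file_type)
    allowed, rejected = [], []
    for name in filenames:
        suffix = PurePath(name).suffix.lstrip(".")
        if suffix and matcher.fullmatch(suffix):
            allowed.append(name)
        else:
            rejected.append(name)
    return allowed, rejected


if __name__ == "__main__":
    ok, blocked = split_by_whitelist(SAMPLE_FILES)
    print("would transfer:", ok)
    print("would be refused:", blocked)
    # A mistyped entry is still a valid regex, so nothing errors out:
    # "(gG)" matches the literal text "gG", and logo.png is refused.
    typo = "[hH][tT][mM][lL]|[pP][nN](gG)"
    print("with mistyped entry:", split_by_whitelist(["logo.png"], typo))
```

Any file reported as refused needs its suffix added to permitFileType, followed by an eSight restart, before the file download sftp command can fetch it.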