GoAnywhere MFT Agent

Admin Guide
Version 2.4.0
Copyright Terms and Conditions

Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective
owners.
The content in this document is protected by the Copyright Laws of the United States of America and other countries worldwide. The
unauthorized use and/or duplication of this material without express and written permission from Fortra is strictly prohibited. Excerpts and
links may be used, provided that full and clear credit is given to Fortra with appropriate and specific direction to the original content.
202504020138
Table of Contents

Agents 5 Installation – Linux 30

About Agents 5 Requirements 30

Agent Features 5 Linux Installation Consideration 30

Complete Management and Security 5 Installing Agents on Linux 30

Pre-Installation Notes 7 Agent Silent Install - Linux 32

GoAnywhere MFT Software Library 7 Updating or Repairing a Silent

Install (of the same version) 32
Agent Installer Settings 7
Installation − Unix 34
Installing an Agent 19
Requirements 34
Changing the Location of
Configuration Files 23 Installing Agents 34

Port Configuration 24 Agent Silent Install - Unix 37

Java Versions 24 Updating or Repairing a Silent

Install (of the same version) 37
Agent Memory 24
Silent Install Parameters 39
Installation − Windows 26
Installation – IBM i (iSeries) 43
Requirements 26
Requirements 43
Installing Agents on Windows 26
Installing Agents on IBM i 44
Agent Silent Install - Windows 28
Changing Java Versions 54
Updating or Repairing a Silent
Install (of the same version) 28 Installation – Mac OS X 55

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 3

Table of Contents

Requirements 55 Product Administration 88

Installing Agents on Mac OS X 55 Starting and Stopping Agents 88

Agent Installer Management 57 Agent Logs 91

Initial Configuration 57 Disaster Recovery 92

Software Library 58 Configuring an Agent to Run On a

Different JVM 93
Browse Online Catalog 59
Uninstalling Agents 94
Configuring the Agent Installer 60
Windows uninstall instructions 94
Pre-Upgrade Notes 69
Linux and Unix uninstall instructions 95
2.3.0 69
IBM i uninstall instructions 95
SQL Server JDBC Driver Update 69
Mac OS X uninstall instructions 96
Encrypted Agent Database 69
Using FTP and FTPS in Passive
2.1.3 69 Mode 97

Network Shares Monitors 69

2.0.0 70

Upgrading Agents 71

Java 11 Considerations 72

Agent Configuration 74

Advanced Configuration 77

Agent Permissions 79

Agent Security Settings 83

page: 4 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Agents
About Agents
Agents are lightweight applications that can be deployed to virtually any operating system
including Windows, Linux, IBM i, and more. Agents can run on systems inside an
organization’s network to move files throughout the data center. Agents can also be
deployed to remote sites like branch offices, cloud networks, and other remote locations.
Once an Agent is installed, it is connected to GoAnywhere MFT which takes over
management of the Agents.

Agent Features
l Secures file transfers to and from a central GoAnywhere MFT environment
l Monitors for new, modified, and deleted files on systems where the Agent is
installed
l Compresses and decompresses files on the Agent using Zip, Tar, and Gzip
technology
l Translates data from databases, CSV, Fixed Width, XML, and JSON
l Executes native commands on Agents
l Controls which folders are accessible on the Agent

Complete Management and Security

GoAnywhere MFT is the centralized solution that manages all Agents. Administrators in
GoAnywhere MFT configure the work that should be performed on Agents and can also
view events that occurred, such as file transfers or completed jobs.

The communication between each Agent and GoAnywhere MFT is encrypted using
SSL/TLS. The authentication is a multi-step secure process establishing trust between

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 5

Agents / Complete Management and Security

Agents and GoAnywhere MFT. Since the administration is performed in GoAnywhere

MFT's sophisticated browser based interface, no additional security concerns are placed
on Agents.

GoAnywhere MFT automatically rolls out software upgrades to Agents as needed. This is
a seamless process in which GoAnywhere MFT will upgrade Agents while they are not
performing work to minimize disruption.

For more information about Agent features, see the GoAnywhere MFT User Guide.

page: 6 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / GoAnywhere MFT Software Library

Pre-Installation Notes
NOTE: The installation and startup times of Agents 2.2.3 for IBMi may take longer than
previous installations.

GoAnywhere MFT Software Library

Agents can be pre-configured from the Software Library in GoAnywhere MFT 5.5 and later.
The Software Library in GoAnywhere MFT is where you can download Agent installation
packages from the GoAnywhere Customer Portal and store them on your system. Fortra
recommends configuring Agents from the Software Library. For more information, see the
GoAnywhere MFT User Guide.

When an install package is created through the GoAnywhere MFT Software Library, the
installer ZIP file will include an agent_installer_settings.xml file that contains the Agent
configuration settings. When the installer is launched, the configuration settings from the
XML file will populate the settings in the Agent installation wizard.

Agent Installer Settings

When installing an Agent, you can use the agent_installer_settings.xml file that is
included in the installer ZIP file created from the Software Library or you can create your
own XML file. For the installer to use the configuration settings from the XML file you
create, it must reside in the same location as the installation file.

The following table lists the elements that can be updated.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 7

Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

agentName The name of the Agent String

that will appear on the
Agent Manager page
when the Agent
connects. If a name is
not specified, a name
will be created
automatically using the
Agent Registration rules
on the Agent
Configuration
Registration page.

registrationCode The Agent Registration String

Code the Agent will use
to register with
GoAnywhere MFT. If no
registration codes are
configured on the Agent
Service, then this field
can be left blank.

shutdownPort The TCP/IP port number Number: valid

the Agent uses to values are
shutdown. from 1023 to
65536

host The host name or String

IP address of the
GoAnywhere MFT
Agent Service the Agent
will connect to.

page: 8 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

port The port number of the Number

GoAnywhere MFT Agen
t Service the Agent will
connect to. The default
is 8009.

maxJobRuntime The maximum number Number

of concurrent Jobs that
can be run at any one
time on the Agent. After
the threshold is met, any
additional jobs are
placed in the queue and
are processed in the
order they were
submitted.

maxMonitorRuntime The maximum number Number

of concurrent Monitors
that can be run at any
one time on the Agent.

contextProtocol The desired SSL String

protocol to be used for
the connection to
GoAnywhere MFT. This
setting should match the
SSL protocol on the SSL
tab in the Agent
Configuration in
GoAnywhere MFT. See
the GoAnywhere
MFT User Guide for
more information.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 9

Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

rootCert The GoAnywhere MFT PEM format

Server CA certificate
from the SSL settings of
the Agent Service in
GoAnywhere MFT. The
Server certificate must
be copied from the
PEM Format tab and
then copied to the
installation wizard. See
the GoAnywhere
MFT User Guide for
more information.

restrictTasks Determines if certain Boolean: true

Task types are restricted or false
from being executed on
the Agent.

database Allows the Agent to run Boolean: true

Database tasks on the or false
Agent system.

email Allows the Agent to run Boolean: true

Email tasks on the or false
server where the Agent
is installed.

excel Allows the Agent to run Boolean: true

Excel tasks on the or false
server where the Agent
is installed.

page: 10 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

execNative Allows the Agent to run Boolean: true

Execute Native or false
Command tasks on the
Agent system.

fileCatalyst Allows the Agent to run Boolean: true

FileCatalyst tasks on the or false
Agent system.

ftp Allows the Agent to run Boolean: true

FTP tasks on the server or false
where the Agent is
installed.

ftps Allows the Agent to run Boolean: true

FTPS tasks on the or false
server where the Agent
is installed.

gofast Allows the Agent to run Boolean: true

GoFast tasks on the or false
server where the Agent
is installed.

pgp Allows the Agent to run Boolean: true

PGP tasks on the server or false
where the Agent is
installed.

ssh Allows the Agent to run Boolean: true

SSH tasks on the server or false
where the Agent is
installed.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 11

Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

webService Allows the Agent to run Boolean: true

Web Service tasks on or false
the server where the
Agent is installed.

zip Allows the Agent to run Boolean: true

File Compression tasks. or false

amazonS3FIle Allows the Agent to Boolean: true

utilize the Amazon S3 or false
Buckets Resource on
the server where the
Agent is installed.

azureFile Allows the Agent to Boolean: true

utilize the Azure Blob or false
Storage Resource on
the server where the
Agent is installed.

networkShareFile Allows the Agent to Boolean: true

utilize the Network or false
Shares Resource on the
server where the Agent
is installed.

webdavFile Allows the Agent to Boolean: true

utilize the WebDAV or false
Resource on the server
where the Agent is
installed.

page: 12 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

folders By default, the Agent See Agent

cannot access any Permissions
folders on the system for a sample
where the Agent is folder
installed. Modify or add configuration.
folder locations that can
be used by the Agent.

fipsEnabled When FIPS 140-2 Boolean: true

Compliance Mode is or false
enabled, GoAnywhere
MFT will only use FIPS
140-2 validated
algorithms (ciphers) for
encrypting
transmissions over SSH
and SSL channels
including SFTP, SCP,
FTPS, and HTTPS
protocols.

disabledProtocols The SSL/TLS protocol A comma

versions to disable separated list
globally. Some of SSL/TLS
protocols may forcibly protocol
be disabled depending names.
on your JVM and
security provider.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 13

Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

disabledCiphers The SSL/TLS cipher A comma

suites to disable separated list
globally. Some cipher of cipher suite
suites may forcibly be names.
disabled depending on
your JVM and security
provider.

certificateValidationCABasicConstraintServ Verifies the Certificate Boolean: true

er Authority (CA) is marked or false
as a CA with a valid path
length in its basic
constraints.

certificateValidationCABasicConstraintEmail Verifies the Certificate Boolean: true

Authority (CA) is marked or false
as a CA with a valid path
length in its basic
constraints.

certificateValidationDateValidityServer Applies date validity Boolean: true

check to server or false
certificates.

certificateValidationDateValidityEmail Applies date validity Boolean: true

check to email or false
certificates.

certificateValidationExtendedKeyUsageServ Applies extended key Boolean: true

er usage check to server or false
certificates. The check
will validate the intended
purpose of the
certificate - server
authentication.

page: 14 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

certificateValidationExtendedKeyUsageEma Applies extended key Boolean: true

il usage check to email or false
certificates. The check
will validate the intended
purpose of the
certificate - email
protection.

certificateRevocationListCheckServer Applies Certificate Boolean: true

Revocation List (CRL) or false
check to server
certificates.

certificateRevocationListCheckEmail Applies Certificate Boolean: true

Revocation List (CRL) or false
check to email
certificates.

certificateRevocationListRefreshInterval How often to refresh all Number

Certificate
Revocation Lists (CRLs)
if CRLs are enabled.

certificateRevocationListURLs The URLs to use for A pipe '|'

Certificate separated list
Revocation List (CRL) of URLs.
checking.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 15

Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

allowImplicitTrust Whether implicit trust is Boolean: true

allowed for certain or false
connections that support
this configuration. If
implicit trust is not
allowed, implicit trust
will be globally disabled
and all connections will
be required to validate
certificates.

localAddress The local IP address of String

the Agent that will be
used when connecting
to GoAnywhere MFT.

localPortFrom The inclusive starting Number: valid

range port number to values are
use when restricting from 1023 to
local ports for outgoing 65536
Agent connections to
GoAnywhere MFT. The
localPortTo attribute
must also be specified
to restrict port range.

localPortTo The inclusive ending Number: valid

range port number to values are
use when restricting from 1023 to
local ports for outgoing 65536
Agent connections to
GoAnywhere MFT. The
localPortFrom attribute
must also be specified
to restrict port range.

page: 16 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Agent Installer Settings

Element Name Description Values

localAddressRequestTimeout The time to wait in Number: valid

seconds for a local values are
address to become from 1 to 240.
available. This attribute
only applies when the
localPortTo and
localPortFrom attributes
are specified.

socketLinger A socket option Number: valid

indicating how long after value is any
usage of a local socket number
should it stay in TIME_ greater than
WAIT status. Typically, -1 (value of 0
sockets are left in a indicates it
TIME_WAIT status after will not wait).
connections are closed.

reuseAddress A socket option that tells Boolean: true

the kernel to reuse the or false
port even if the port is
busy in the TIME_WAIT
status.

Sample Configuration

The following is a sample agent_installer_settings.xml file for an Agent.

<?xml.version="1.0" encoding="UTF-9" standalone="no"?>

<settings>
<agentName>agent</agentName>
<shutdownPort>1401</shutdownPort>
<host>1.1.1.1</host>
<port>9009</port>

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 17

Pre-Installation Notes / Agent Installer Settings

<maxJobRuntime>20</maxJobRuntime>
<maxMonitorRuntime>20</maxMonitorRuntime>
<contextProtocol>TLSv1.2</contextProtocol>
<rootCert>PEM formatted certificate</rootCert>
<restrictTasks>false</restrictTasks>
<database>true</database>
<email>true</email>
<excel>true</excel>
<execNative>true</execNative>
<fileCatalyst>true</fileCatalyst>
<ftp>true</ftp>
<ftps>true</ftps>
<gofast>true</gofast>
<pgp>true</pgp>
<ssh>true</ssh>
<webService>true</webService>
<zip>true</zip>
<amazonS3File>true</amazonS3File>
<azureFile>true</azureFile>
<networkShareFile>true</networkShareFile>
<webdavFile>true</webdavFile>
<folders>
<folder alias="root" path="/" readOnly="true"/>
</folders>
<fipsEnabled>false</fipsEnabled>
<disabledProtocols/>
<disabledCiphers/>
<certificateValidationCABasicConstraintServer>true</certificateValidationCABasicConstra
intServer>
<certificateValidationCABasicConstraintEmail>true</certificateValidationCABasicConstrai
ntEmail>
<certificateValidationDateValidityServer>true</certificateValidationDateValidityServer>
<certificateValidationDateValidityEmail>true</certificateValidationDateValidityEmail>
<certificateValidationExtendedKeyUsageServer>true</certificateValidationExtendedKeyUsag
eServer>
<certificateValidationExtendedKeyUsageEmail>true</certificateValidationExtendedKeyUsage
Email>
<certificateRevocationListCheckServer>false</certificateRevocationListCheckServer>
<certificateRevocationListCheckEmail>false</certificateRevocationListCheckEmail>
<certificateRevocationListRefreshInterval>5</certificateRevocationListRefreshInterval>

page: 18 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Installing an Agent

<certificateRevocationListURLS/>
<allowImplicitTrust>false</allowImplicitTrust>
<localAddress>1.2.3.4</localAddress>
<localPortFrom>23000</localPortFrom>
<localPortTo>24000</localPortTo>
<localAddressRequestTimeout>30</localAddressRequestTimeout>
<reuseAddress>true</reuseAddress>
<socketLinger>10</socketLinger>
</settings>

Installing an Agent
The Agent installation wizard will prompt for the fields listed in the following table.

Field Definition

Agent Name The name of the Agent that will appear on the Agent Manager
page when the Agent connects. If a name is not specified, a
name will be created automatically using the Agent
Registration rules on the Agent Configuration Registration
page.

Registration Code The Agent Registration Code the Agent will use to register with
GoAnywhere MFT. If no registration codes are configured on
the Agent Service, then this field can be left blank.

Shutdown Port The TCP/IP port number the Agent uses to shutdown. The
default is 8015.

GoAnywhere MFT The host name or IP address of the GoAnywhere MFT Agent
Server Host Service the Agent will connect to.

GoAnywhere MFT The port number of the GoAnywhere MFT Agent Service the
Server Port Agent will connect to. The default is 8009.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 19

Pre-Installation Notes / Installing an Agent

Field Definition

SSL Context Protocol
Specify the desired SSL protocol to be used for the connection
to GoAnywhere MFT. This setting should match the SSL
protocol on the SSL tab in the Agent Configuration in
GoAnywhere MFT. See the GoAnywhere MFT User Guide for
more information.

Agent Server CA Provide the GoAnywhere MFT Server CA certificate from the
Certificate SSL settings of the Agent Service in GoAnywhere MFT. The
Server certificate must be copied from the PEM Format tab
and then copied to the installation wizard. See the
GoAnywhere MFT User Guide for more information.

Path to Agent CA When configuring an Agent in command line mode, you will be
Certificate prompted for the path to the Agent Server CA Certificate. The
certificate must be accessible from the system the Agent is
being installed on.

Security

Enable FIPS 140-2 When FIPS 140-2 Compliance Mode is enabled, GoAnywhere
Compliance Mode MFT will only use FIPS 140-2 validated algorithms (ciphers)
for encrypting transmissions over SSH and SSL channels
including SFTP, SCP, FTPS, and HTTPS protocols.

Disabled Cipher Suites Specify the SSL/TLS cipher suites to disable globally. Some
cipher suites may forcibly be disabled depending on your JVM
and security provider. Values must be comma separated.

Disabled Protocols Specify the SSL/TLS protocol versions to disable globally.

Some protocols may forcibly be disabled depending on your
JVM and security provider. Values must be comma separated.

CA Basic Constraints Select check box to verify the Certificate Authority (CA) is
Validation marked as a CA with a valid path length in its basic
constraints.

Date Validation Select check box to apply date validity check to server and
email certificates.

page: 20 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Installing an Agent

Field Definition

Extended Key Usage Select check box to apply extended key usage check to server
Validation and email certificates. The check will validate the intended
purpose of the certificate - server authentication and email
protection.

Certificate Revocation Select check box to apply CRL check to server and email
Lists (CRL) certificates.

Certificate Revocation Specify the URLs to use for CRL checking. Must be a pipe '|'
Lists (CRL) URLs separated list.

Refresh Interval If CRLs are enabled, specify how often to refresh all CRLs.
Default Value: 5 minutes.

Implicit Trust Allow All Specify whether to allow implicit trust for certain connections
that support this configuration. If unchecked, implicit trust will
be globally disabled and all connections will be required to
validate certificates.

Permissions

Alias By default, the Agent cannot access any folders on the system
where the Agent is installed. To add a folder the Agent can
access, specify the Alias and Path for the folder location that
appears in the Agent file chooser.

Path The path to the folder location on the Agent installation.

Read Only Indicates if the Agent will have Read Only access to the folder
location.

Restrict Tasks When selected, the types of Tasks the Agent can execute are
restricted to the selected Task types.

Allow Amazon S3 File Allows the Agent to utilize the Amazon S3 Buckets Resource
Syntax on the server where the Agent is installed.

Allow Azure File Allows the Agent to utilize the Azure Blob Storage Resource
Syntax on the server where the Agent is installed.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 21

Pre-Installation Notes / Installing an Agent

Field Definition

Allow Network Share Allows the Agent to utilize the Network Shares Resource on
File Syntax the server where the Agent is installed.

Allow WebDAV File Allows the Agent to utilize the WebDAV Resource on the
Syntax server where the Agent is installed.

Allow Execute Native Allows the Agent to run Execute Native Command tasks on the
Command Agent system.

Allow FileCatalyst Allows the Agent to run FileCatalyst tasks on the Agent
Tasks system.

Allow Database Tasks Allows the Agent to run Database tasks on the Agent system.

Allow Email Tasks Allows the Agent to run Email tasks on the server where the
Agent is installed. Valid values are true or false.

Allow Excel Tasks Allows the Agent to run Excel tasks on the server where the
Agent is installed. Valid values are true or false.

Allow FTP Tasks Allows the Agent to run FTP tasks on the server where the
Agent is installed. Valid values are true or false.

Allow FTPS Tasks Allows the Agent to run FTPS tasks on the server where the
Agent is installed. Valid values are true or false.

Allow GoFast Tasks Allows the Agent to run GoFast tasks on the server where the
Agent is installed. Valid values are true or false.

Allow PGP Tasks Allows the Agent to run PGP tasks on the server where the
Agent is installed. Valid values are true or false.

Allow SSH Tasks Allows the Agent to run SSH tasks on the server where the
Agent is installed. Valid values are true or false.

Allow WebService Allows the Agent to run Web Service tasks on the server
Tasks where the Agent is installed. Valid values are true or false.

Allow Zip Tasks Allows the Agent to run File Compression tasks on the Agent
system.

page: 22 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Changing the Location of Configuration Files

Changing the Location of Configuration

Files
By default, Agent config files are located in the [installdirectory]/config folder.

On install, you have an option to specify a custom location for Agent config files. If a
custom location is specified, the path will be written to system.properties and the config
files will be moved to the user defined directory.

If you want to change the location of the Agent config files after installing or upgrading an
Agent, you will need to add the new path to the system.properties file and manually move
the config files to the user defined directory.

To create a user defined directory and to manually move the Agent config files, complete
the following steps:

1. Change the directory in the system.properties file. For example:

com.linoma.config.directory=C:\\ProgramData\\Fortra\\GoAnywhere\\

NOTE:

All backslash ('\') characters need to be escaped in a given file path with an
additional backslash as noted in the example above.

2. Create a new folder in the user defined directory named 'config'.

3. Move the following Agent config files from the install directory into the user defined
config folder:
l agent.xml
l database.xml
l log4j2.xml
l permissions.xml
l security.xml

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 23

Pre-Installation Notes / Port Configuration

Port Configuration
There are two port numbers to configure when installing Agents, the Agent shutdown port
and the GoAnywhere MFT Agent Service port. The Agent shutdown port is locally bound
and used as part of the Agent shutdown process. The GoAnywhere MFT Agent Service
port is the port number of the Agent Service in GoAnywhere MFT that the Agent will
connect to.

Port Description
Number

8015 Agent shutdown port

8009 GoAnywhere MFT connection port

These port numbers can be overridden either during the installation or at any time after the
installation.

Java Versions
Java version 11 is bundled with the Windows and Linux installers. Refer to the UNIX and
IBM i sections for their respective Java version requirements.

Agent Memory
You can adjust the maximum JVM memory usage for an Agent on a Windows or Linux
system by following the instructions below.

1. Create a text file and name it agentd.vmoptions.

2. Paste the following text in the file:

# Enter one VM parameter per line

# For example, to adjust the maximum memory usage to 2 GB,
uncomment the following line:
-Xmx2048m

page: 24 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Pre-Installation Notes / Agent Memory

# To include another file, uncomment the following line:

# -include-options [path to other .vmoption file]

3. Save the file and place it in the <installdir>/bin folder.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 25

Installation − Windows / Requirements

Installation − Windows
A Windows installation wizard is provided for GoAnywhere Agents which installs the
product files into the directory of your choice. Agents will be implemented as a Windows
Service which will automatically start (by default) when Windows starts.

The Windows Agent installer application can be pre-configured and generated through
GoAnywhere MFT via the Software Library manager. For instruction on how to configure
and generate a Windows Agent installer application .ZIP file, refer to the GoAnywhere
MFT User Guide. Otherwise, you can download the Agent installer through the
GoAnywhere Customer Portal.

Requirements
Operating Systems supported Windows Server 2012®

Windows Server 2012 R2®

Windows Server 2016®

Windows 8®

Windows 10®

Windows 11®

Disk space 160 MB

Memory 512 MB minimum

Installing Agents on Windows

Perform the following steps to install an Agent onto a Windows machine.

page: 26 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation − Windows / Installing Agents on Windows

1. Login to the target Windows system as an administrator.

2. Navigate to the file location of the Agent installer or pre-configured Agent ZIP file.

NOTE:

If you have a 64-bit operating system, make sure you have the 64-bit version.

3. If you are using the Agent ZIP file, extract the contents of the file.

4. Launch the installer application.

5. The GoAnywhere Agent Setup Wizard will then guide you through the remainder of
the installation process.

6. When prompted, specify the Agent configuration settings. If your Agent installer
application was pre-configured, all required Agent Configuration settings will be
populated using data provided when the installer was initially configured in
GoAnywhere MFT.

NOTE:
Agents are configured in Windows as an automatic startup Service. This means that
the Agent will automatically start whenever Windows starts.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 27

 / Agent Silent Install - Windows

Agent Silent Install - Windows

The installation of an Agent can be automated by using a silent install option. Silent install
uses the Windows command line to execute the installation.

NOTE:
The agent_installer_settings.xml file must be in the same directory as the Agent
installer file or the silent install will fail.

To perform a silent install of an Agent on Windows:

1. Log in to the target Windows system as an administrator.

2. Open the command prompt and use the cd command to navigate to the directory
containing the Agent installer.

3. Enter the command to execute the Agent installer in the desired location.

Parameters that begin with -V must be specified as a key=value pair. Separate each -V
parameter with a space.

EXAMPLE:
[installer file name].exe -q -Vgaagent.port=8009 -Vgaagent.shutdownPort=8015

The following command is used to silently install an Agent.

[installer file name].exe -q -dir "[path]"

For parameters for silent install on Windows, see the Parameters table.

Updating or Repairing a Silent Install (of the same version)

Use the following instructions to update or repair an Agent:

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 28

/ Agent Silent Install - Windows

1. Log in to the target Windows system as an administrator.

2. Open the command prompt and use the cd command to navigate to the directory
containing the Agent installer.

3. Execute the following command where "[path]" is the location of the Agent
installation you want to update or repair:

[installer file name].exe -q -dir "[path]"

EXAMPLE:
agent1_3_1_windows_x64.exe -q -dir "C:\Agents"

page: 29 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation – Linux / Requirements

Installation – Linux
GoAnywhere Agents can be installed onto any Linux server including Red Hat, CentOS,
SUSE, Ubuntu, and others.

A graphical installation wizard is provided for Agents which installs the product files into the
directory of your choice.

Requirements
Disk space 160 MB

Memory 512 MB minimum

Linux Installation Consideration

GoAnywhere Agents are capable of executing native Linux commands and programs, as
well as file actions such as read, write, and delete. It is recommended to designate a non-
root user on the system that will be used to install and run the Agent application. This user
will be the owner of all files created during installation as well as files written to the file
system during use.

Installing Agents on Linux

Perform the following steps to install an Agent onto a Linux system.

1. Create or designate a non-root user on the system that will be used to install and
run the Agent application. This user will be the owner of all files created during
installation as well as files written to the file system during use.

2. Login to the target Linux system as the user designated in step 1.

3. Copy the Agent Linux installer file to the Linux server.

4. If you are using the Agent ZIP file, extract the contents of the file.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 30

Installation – Linux / Installing Agents on Linux

5. If needed, set the Executable bit on the file (e.g. chmod 755 filename.sh).

6. If you have a graphical desktop for Linux, execute the downloaded installer file and
follow the prompts on the screens. Otherwise, execute the downloaded installer file
with a –c option (e.g. installer_filename.sh -c) and follow the prompts.

NOTE:
When installing an Agent in command line mode, you will be prompted for the
path to the Agent Server CA Certificate. If you would like to use a certificate
other than one pre-configured, that certificate must be accessible from the
system the Agent is being installed on.

1. Specify the Agent configuration settings. If your Agent installer application was pre-
configured, all required Agent Configuration settings will be populated using data
provided when the installer was initially configured in GoAnywhere MFT.

2. Start the Agent by following these instructions:

a. Open a Terminal window.

b. Change the working directory to the directory where the Agent was installed
(for example, cd /usr/local/Fortra/GoAnywhere_Agent/bin)

c. Start the Agent by executing the following shell script:

./agentd start

3. The installation and startup of the Agent is complete.

NOTE:
You can setup an Agent so it starts automatically when the Linux system is booted.
Please refer to your operating system manual for more details on setting up auto-start
services.

page: 31 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Agent Silent Install - Linux

Agent Silent Install - Linux

The installation of an Agent can be automated by using a silent install option.

NOTE:
The agent_installer_settings.xml file must be in the same directory as the Agent
installer file or the silent install will fail.

To perform a silent install of an Agent on Linux:

1. Copy the Agent Linux installer file to the Linux server.

2. If you are using the Agent ZIP file, extract the contents of the file.

3. Execute the downloaded installer file using the following command:

[installer_filename].sh -q -dir "[path]"

Parameters that begin with -V must be specified as a key=value pair. Separate each -V
parameter with a space.

EXAMPLE:
[installer file name].sh -q -Vgaagent.port=8009 -Vgaagent.shutdownPort=8015

For parameters for silent install on Windows, see the Parameters table.

Updating or Repairing a Silent Install (of the same version)

Use the following instructions to update or repair an Agent:

1. Copy the new Agent Linux installer file to the Linux server.

2. If you are using the Agent ZIP file, extract the contents of the file.

3. Execute the downloaded installer file using the following command where "[path]" is
the location of the Agent installation you want to update or repair:

[installer_filename].sh -q -dir "[path]"

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 32

/ Agent Silent Install - Linux

EXAMPLE:
agent0_9_0_linux_x64.sh -q -dir "/usr/local/Fortra/GoAnywhere_Agent"

page: 33 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation − Unix / Requirements

Installation − Unix
This page includes Agent installation instructions for AIX, HP-UX, Solaris or non x86-
based Linux systems (Unix).

An installation wizard is provided which installs the product files into the directory of your
choice.

Requirements
Disk space 160 MB

Memory 512 MB minimum

JRE (Java Runtime Environment) 11

Installing Agents
Perform the following steps to install Agents onto a Unix server.

1. Create or designate a non-root user on the system that will be used to install and
run the Agent application. This user will be the owner of all files created during
installation as well as files written to the file system during use.

2. Login to the server as the user designated in step 1.

3. Copy the Agent Unix installer file to the server.

4. If you are using the Agent ZIP file, extract the contents of the file.

5. Open a Terminal window.

6. Change the directory to where the installer file was downloaded (e.g. cd
/root/Desktop).

7. If needed, set the Executable bit on the file (e.g. chmod 755 ga5_x_x_unix.sh).

8. Run the installer (e.g. ./agent1_0_0_linux_x86.sh).

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 34

Installation − Unix / Installing Agents

9. The installer will attempt to find a compatible JRE (Java Runtime Environment) for
the installation process. Follow the steps below if the installer cannot find a
compatible JRE:

a. Define an environment variable named INSTALL4J_JAVA_HOME to point to

the home directory of the JRE (e.g. export INSTALL4J_JAVA_
HOME=/usr/lib/jvm/java-11-openjdk/jre).

b. Clear the Installer cache by removing the file named .install4j from your
home directory
(e.g. rm /root/.install4j).

c. Run the installer again (e.g. ./agent1_0_0_linux_x86.sh).

10. Specify the Agent configuration settings. If your Agent installer application was pre-
configured, all required Agent Configuration settings will be populated using data
provided when the installer was initially configured in GoAnywhere MFT.

NOTE:
When installing an Agent in command line mode, you prompted for the path to
the Agent Server CA Certificate. If you would like to use a certificate other than
one pre-configured, that certificate must be accessible from the system the
Agent is being installed on.

Start an Agent by following these instructions:

1. Open a Terminal window.

2. Change the working directory to the directory where Agents is installed. (eg, cd
/usr/local/Fortra/GoAnywhere_Agent/bin)

3. Start the Agents by executing the following shell script:

./agentd.sh start.

4. If you receive an error indicating that no JRE could be found, set an environment
variable named JAVA_HOME to point to the JRE’s home directory
(e.g. export JAVA_HOME=/usr/lib/jvm/java-11-openjdk/jre) and try starting
Agents again.

page: 35 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation − Unix / Installing Agents

NOTE:
You can setup Agents so it starts automatically when the system is booted. Please
refer to your operating system manual for more details on setting up auto-start
services. You can execute goanywhere.sh from your startup scripts.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 36

 / Agent Silent Install - Unix

Agent Silent Install - Unix

The installation of an Agent can be automated by using a silent install option.

NOTE:
The agent_installer_settings.xml file must be in the same directory as the Agent
installer file or the silent install will fail.

To perform a silent install of an Agent on AIX, HP-UX, Solaris or non x86-based Linux
systems (Unix):

1. Copy the Agent Unix installer file to the Unix server.

2. If you are using the Agent ZIP file, extract the contents of the file.

3. Execute the downloaded installer file using the following command:

[installer_filename].sh -q -dir "[path]"

Parameters that begin with -V must be specified as a key=value pair. Separate each -V
parameter with a space.

EXAMPLE:
[installer file name].sh -q -Vgaagent.port=8009 -Vgaagent.shutdownPort=8015

For parameters for silent install on Unix, see the Parameters table.

Updating or Repairing a Silent Install (of the same version)

Use the following instructions to update or repair an Agent:

1. Copy the new Agent Unix installer file to the Unix server.

2. If you are using the Agent ZIP file, extract the contents of the file.

3. Execute the downloaded installer file using the following command where "[path]" is
the location of the Agent installation you want to update or repair:

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 37

/ Agent Silent Install - Unix

[installer_filename].sh -q -dir "[path]"

EXAMPLE:
agent0_9_0_unix_x64.sh -q -dir "/usr/local/Fortra/GoAnywhere_Agent"

page: 38 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Silent Install Parameters /

Silent Install Parameters

The following table contains the required and optional parameters for a silent install on
Windows, Linux, and AIX, HP-UX, Solaris or non x86-based Linux systems (Unix).

Parameter Name Description Required?

-q Displays no user Yes

interface.

-dir The directory path No

where the Agent is to be
installed.

-console Displays a console No

output.

-Vgaagent.serviceDisplayName The display name of the No

GoAnywhere MFT
Agent service.

NOTE: This
parameter is used
only for silent install
on Windows.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 39

Silent Install Parameters /

Parameter Name Description Required?

-Vgaagent.serviceName The name of the No

GoAnywhere MFT
Agent service (this is
typically the same as
the
serviceDisplayName).

NOTE: This
parameter is used
only for silent install
on Windows.

-Vgaagent.port The port number or No

IP address of the
GoAnywhere MFT
Agent service the Agent
will connect to. The
default is 8009.

-Vgaagent.shutdownPort The TCP/IP port No

number the Agent uses
to shutdown. The
default is 8015.

-Vgaagent.maxJobRuntime The maximum number No

of concurrent Jobs that
can be run at any one
time on the Agent.

-Vgaagent.maxMonitorRuntime The maximum number No

of concurrent Monitors
that can be run at any
one time on the Agent.

page: 40 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Silent Install Parameters /

Parameter Name Description Required?

-Vgaagent.localAddress The local IP address of No

the GoAnywhere MFT
instance this Agent will
connect to.

-Vgaagent.localPortFrom The inclusive starting No

range port number to
use when restricting
ports connecting to the
GoAnywhere MFT
instance. The
localPortTo attribute
must also be specified
to restrict port range.
Valid values are from
1023 to 65536.

-Vgaagent.localPortTo The inclusive ending No

range port number to
use when restricting
ports connecting to the
GoAnywhere MFT
instance. The
localPortFrom attribute
must also be specified
to restrict port range.
Valid values are from
1024 to 65536.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 41

Silent Install Parameters /

Parameter Name Description Required?

-Vgaagent.localAddressRequestTimeout The time to wait in No

seconds for a local
address to become
available. This attribute
only applies when the
localPortTo and
localPortFrom attributes
are specified. Valid
values are from 1 to
240.

-Vgaagent.socketLinger A socket option No

indicating how long
after usage of a local
socket should it stay in
TIME_WAIT status.
Typically, sockets are
left in a TIME_WAIT
status after connections
are closed. Valid value
is any number greater
than -1 (value of 0
indicates it will not wait).

-Vgaagent.reuseAddress A socket option that No

tells the kernel to reuse
the port even if the port
is busy in the TIME_
WAIT status.

page: 42 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation – IBM i (iSeries) / Requirements

Installation – IBM i (iSeries)

GoAnywhere Agents can be installed on IBM i systems which meet the following
requirements.

Requirements
Operating System IBM i V7R3 or higher

Disk Space 160 MB for product (does not include user data)

Memory 512 MB minimum

Required licensed programs

The following IBM i licensed programs are prerequisites to the installation of Agents, which
are dependent on IBM i release and your choice of supported Java version.

IBM i Licensed Program Product Description

Release Option

V7R3, 5770JV1 19 Java SE 11 64

V7R4, bit
V7R5
5770SS1 30 QShell

5770SS1 33 Portable App

Solutions
Environment

To check if the licensed programs (listed above) are installed on your IBM i, execute the
command GO LICPGM and select option 10 to display the installed licensed programs.
Press F11 twice from that screen to display the Product Options.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 43

Installation – IBM i (iSeries) / Installing Agents on IBM i

If these licensed programs are not loaded on your IBM i, they may be available on the IBM
software CDs that came with your IBM i. Otherwise, you will have to request those
licensed programs from IBM, which are normally provided at no charge.

Required PTFs

The following IBM i Program Temporary Fixes (PTFs) and Group PTFs are prerequisites
to installing Agents.

V7R3, V7R4, Group Java group build 11

V7R5 PTF

Use the command DSPPTF to verify that the required individual PTFs are applied. Use
the command
WRKPTFGRP to verify that the required group PTFs are applied.

IBM i components installed

The following components will be installed onto the IBM i by the Agents installation
process:

n A IBM i library will be created, which will contain the Agents commands and
program objects. The default library name is GAAGENT, which can be changed
during installation.
n An IFS folder will be created, which will contain the Agents software
components. The default IFS folder name is /fortra/gaagent, which can be
changed during installation.

Installing Agents on IBM i

Perform the following steps to install the Agents product onto the IBM i.

1. Sign on to the IBM i with the QSECOFR user profile OR with a profile which has
*ALLOBJ authority.

page: 44 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation – IBM i (iSeries) / Installing Agents on IBM i

2. Create a temporary Save file on your IBM i by executing the following IBM i
command:
CRTSAVF FILE(QGPL/GAAGENT)

3. The Agents software needs to be uploaded to your IBM i using FTP. Before
proceeding, ensure the FTP server is running on the IBM i. To start the native FTP
server on the IBM i, you can issue the IBM i command of STRTCPSVR SERVER
(*FTP).

4. Download the Agents installer (for IBM i) from the Customer Portal at
my.goanywhere.com or using the Software Library in GoAnywhere MFT.

5. Extract the files from the installer ZIP file into a new temporary folder on your
workstation. The extracted files will be named GAAGENT.SAVF and agent_
installer_settings.xml.

6. FTP the extracted GAAGENT.SAVF file from your PC to the Save file on the IBM i
(that was created in step 2). Listed below are instructions for a Windows user:

a. Open a DOS window.

b. Enter the DOS command FTP <hostname>, where <hostname> is the host
name or IP address of your IBM i.

c. Login with your IBM i user id and password, then enter the following
highlighted FTP commands:

ftp> BINARY Switches the FTP session to binary mode

ftp> LCD \<tempdir> The <tempdir> is the PC directory containing

the file named GAAGENT.SAVF

ftp> CD qgpl Changes the remote directory to the QGPL

library

ftp> Sends the PC file GAAGENT.SAVF to the

PUT IBM i Save file named GAAGENT
GAAGENT.SAVF GAAGENT

ftp> QUIT Ends your FTP session

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 45

Installation – IBM i (iSeries) / Installing Agents on IBM i

7. FTP the extracted agent_installer_settings.xml file from your PC to a temporary

location on the IFS. Listed below are instructions for a Windows user:

a. Open a DOS window.

b. Enter the DOS command FTP <hostname>, where <hostname> is the host
name or IP address of your IBM i.

c. Login with your IBM i user id and password, then enter the following
highlighted FTP commands:

ftp> BINARY Switches the FTP session to binary mode

ftp> LCD \<tempdir> The <tempdir> is the PC directory containing

the file named agent_installer_settings.xml

ftp> CD /<ifsdir> Changes the remote directory to a desired IFS

folder, for example, /tmp

ftp> Sends the PC file agent_installer_settings.xml

PUT agent_installer_ to the IFS folder location
settings.xml agent_installer_
settings.xml

ftp> QUIT Ends your FTP session

8. Restore the installation objects into QTEMP by executing the following IBM i
command:
RSTOBJ OBJ(*ALL) SAVLIB(QTEMP) DEV(*SAVF) SAVF(QGPL/GAAGENT)

9. Delete the temporary Save file by executing the following IBM i command
(optional):
DLTF FILE(QGPL/GAAGENT)

10. If QTEMP library is not in your library list, then add it by executing the following IBM
i command:
ADDLIBLE LIB(QTEMP) POSITION(*FIRST)

page: 46 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation – IBM i (iSeries) / Installing Agents on IBM i

11. Prompt (F4) the command QTEMP/INSTALLGAA for installing Agents. The
following screen appears.

12. If NO is selected for Use settings from XML file, the following screens appear.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 47

Installation – IBM i (iSeries) / Installing Agents on IBM i

page: 48 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation – IBM i (iSeries) / Installing Agents on IBM i

Parameter descriptions

Field name Description

Use Settings from Indicate whether to use the settings XML file that was
XML file created on the GoAnywhere MFT server.

Settings XML file Full IFS path of the settings XML file created by MFT to
use to install the Agent, the path designated in step 7.

Install Library The library to contain the Agents product objects. The
specified library name must not already exist.

Install IFS directory The directory to contain the Agents product files. The
specified directory name must not already exist.

Agent name The name of the Agent that will appear on the Agent
Manager page in GoAnywhere MFT.

Registration code Registration code to pass to the GoAnywhere MFT

instance that the Agent will connect to. The registration
code is set up in advance in the GoAnywhere MFT server.

Shutdown port The port number which the Agents will listen to for
shutdown requests. Default is 8015. *

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 49

Installation – IBM i (iSeries) / Installing Agents on IBM i

Field name Description

GoAnywhere MFT The host domain or IP address of the GoAnywhere MFT

server host server that the Agent will connect to.

GoAnywhere The port number of the GoAnywhere MFT server that the
MFT server port Agent will connect to. The default port is 8009.*

SSL context protocol Specify the desired SSL protocol to be used for the Agent
Control Channel. Some examples include TLSv1, TLSv1.1
and TLSv1.2

Server CA certificate The full IFS path of the file that holds the GoAnywhere
MFT server certificate.

Folder access Enter up to five IFS paths that the Agent will have access
to. Each path contains three parts: the alias name, alias
path and a read only indicator. Sub folders will inherit
permissions from the defined folder permissions.

Restrict usage If set to "true", the types of Tasks the Agent can execute
are restricted to the selected Task types that follow. Valid
values are true or false.

Allow Database tasks Allows the Agent to run Database tasks on the server
where the Agent is installed. Valid values are true or false.

Allow Email tasks Allows the Agent to run Email tasks on the server where
the Agent is installed. Valid values are true or false.

Allow Excel tasks Allows the Agent to run Excel tasks on the server where
the Agent is installed. Valid values are true or false.

Allow execute native Allows the Agent to run Execute Native Command tasks
command on the server where the Agent is installed. Valid values are
true or false.

Allow FileCatalyst Allows the Agent to run FileCatalyst tasks on the server
tasks where the Agent is installed. Valid values are true or false.

Allow FTP tasks Allows the Agent to run FTP tasks on the server where the
Agent is installed. Valid values are true or false.

page: 50 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation – IBM i (iSeries) / Installing Agents on IBM i

Field name Description

Allow FTPS tasks Allows the Agent to run FTPS tasks on the server where
the Agent is installed. Valid values are true or false.

Allow GoFast tasks Allows the Agent to run GoFast tasks on the server where
the Agent is installed. Valid values are true or false.

Allow PGP tasks Allows the Agent to run PGP tasks on the server where the
Agent is installed. Valid values are true or false.

Allow SSH tasks Allows the Agent to run SSH tasks on the server where the
Agent is installed. Valid values are true or false.

Allow Webservice Allows the Agent to run Webservice tasks on the server
tasks where the Agent is installed. Valid values are true or false.

Allow ZIP tasks Allows the Agent to run File Compression tasks on the
server where the Agent is installed. Valid values are true
or false.

Allow Amazon file Allows the Agent to utilize the Amazon S3 Buckets
permissions Resource on the server where the Agent is installed.

Allow Azure file Allows the Agent to utilize the Azure Blob Storage
permissions Resource on the server where the Agent is installed.

Allow Network Share Allows the Agent to utilize the Network Shares Resource
permission on the server where the Agent is installed.

Allow WebDAV file Allows the Agent to utilize the WebDAV Resource on the
permissions server where the Agent is installed.

Enable FIPS 140-2 When FIPS 140-2 Compliance Mode is enabled, Agents
Compliance will only use FIPS 140-2 validated algorithms (ciphers) for
encrypting transmissions over SSH and SSL channels
including SFTP, SCP, FTPS and HTTPS protocols.

Disabled SSL/TLS Specify the SSL/TLS protocol versions and cipher suites
Protocols to disable globally. Some allowed protocols and cipher
suites may forcibly be disabled depending on your JVM
and security provider. Values must be comma-separated.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 51

Installation – IBM i (iSeries) / Installing Agents on IBM i

Field name Description

Disabled SSL/TLS Specify the SSL/TLS protocol versions and cipher suites
Cipher Suites to disable globally. Some allowed protocols and cipher
suites may forcibly be disabled depending on your JVM
and security provider. Values must be comma-separated.

Allow Implicit Trust Specify whether to allow implicit trust for certain
connections that support this configuration. If unchecked,
implicit trust will be globally disabled and all connections
will be required to validate certificates.

CA Validation Server CA Basic Server Constraints Validation

Certs

CA Validation Email CA Basic Email Constraints Validation

Certs

Date Validation Date Validation of Server Certificates

Server Certs

Date Validation Email Date Validation of Email Certificates

Certificates

Ext Key Validation Extended Key Usage Validation Server Certificates

Serv Certs

Ext Key Validation Extended Key Usage Validation Email Certificates

Email Certs

CRL Server Certs Server Certificate Revocation Lists (CRL)

CRL Email Certs Email Certificate Revocation Lists (CRL)

CRL Refresh Interval Specify in minutes how often the CRLs should be
refreshed.

CRL URLs Specify the URLs to use for CRL checking. Must be a pipe
'|' separated list.

*To check if the port number is already in use, run the IBM i command of NETSTAT
and select option 3. Then press F14 to see the numeric port numbers.

page: 52 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation – IBM i (iSeries) / Installing Agents on IBM i

11. After reviewing and/or modifying the parameters on the INSTALLGAA command,
press enter to start the installation process.

12. Prompt (F4) the command GAAGENT/STRGAAGENT for starting the Agents
subsystem. The following screen will be displayed.

For the Server User Profile parameter, keep the default of *CURRENT if you want
to run the Agents application under your user profile. Otherwise, specify a different
user profile to run the Agents application server under.

NOTE:

The user profile specified on the STRGAAGENT command must be enabled on

the IBM i. This profile must have *USE authority to the STRSBS command and
*RWX authority to the IFS folders where Agents is installed.

For security purposes, you may want to create a new user profile and consistently
use that profile on the STRGAAGENT command. Then you would only have to grant
authority for the Agents installation IFS folders to that user profile. There are certain
user profiles that you cannot use to start the GAAGENT subsystem. These are:
'QSECOFR', ‘QSPL', 'QDOC', 'QDBSHR', 'QRJE', 'QSYS', 'QLPAUTO',
'QLPINSTALL', 'QTSTRQS' Or 'QDFTOWN'

13. Press enter on the STRGAAGENT command to start the Agents subsystem.

14. Execute the WRKACTJOB (Work with Active Jobs) command to confirm that the
Agents subsystem is running. You should find a subsystem which has the same
name as the library name that was specified on the INSTALLGAA command in step
10 (named GAAGENT by default). This subsystem should contain Agent application
jobs.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 53

Installation – IBM i (iSeries) / Installing Agents on IBM i

15. The installation and startup of Agents is complete.

NOTE:

The Agents can automatically start when the System i is powered up (IPL). To
perform this automatic startup, place the STRGAAGENT command in the
System i startup CL program (after the start of TCPIP).

CL example:

Changing Java Versions

Follow the instructions below to change the Java version for an Agent:

1. Log in to the IBM i using a terminal session.

2. End the Agent subsystem by running the GAAGENT/ENDGAAGENT command.

3. Run the GAAGENT/CFGGAAGENT command.

4. Under the Java Home section, edit the value as needed by choosing option 2.

page: 54 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Installation – Mac OS X / Requirements

Installation – Mac OS X
GoAnywhere Agents can be installed onto Apple's Mac OS X desktops, laptops, or servers.

Requirements
Operating Systems supported Mac OS X

Disk space 160 MB for product (does not include user data)

Memory 512 MB minimum

Installing Agents on Mac OS X

Perform the following steps to install an Agent onto an Apple machine.

1. Login to the target Mac OS X system as an administrator.

2. Download the Agent .DMG installer from the GoAnywhere Customer Portal if you
have not already pre-configured and downloaded one through GoAnywhere MFT.

If you are using the Agent ZIP file, extract the contents of the file.

3. Open the downloaded .DMG file, double click the Agent installer, and follow the
prompts on the screen.

NOTE:

If you have not already done so, you may be prompted to install the legacy Java
SE 7 runtime. Click the More Info button and follow the instructions from Apple
to install Java. Repeat step 3 when Java is installed.

4. When prompted, specify the Agent configuration settings. If your Agent installer
application was pre-configured, all required Agent Configuration settings will be
populated using data provided when the installer was initially configured in
GoAnywhere MFT.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 55

Installation – Mac OS X / Installing Agents on Mac OS X

5. Start an Agent by following these instructions:

a. Open a Terminal window.

b. Change the working directory to the directory where the Agent was installed.
(for example, cd /Applications/Fortra/GoAnywhere_Agent/bin)

c. Start an Agent by executing the following shell script:

./agentd.sh start

6. The installation and startup of the Agent is complete.

page: 56 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Agent Installer Management / Initial Configuration

Agent Installer
Management
The GoAnywhere MFT Software Library provides Admin Users an online catalog of Agent
installer and upgrader packages that can be downloaded to the Agents installation and
used to pre-configure, install, and upgrade Agents.

To manage the available Agent installers, log in to GoAnywhere MFT as an Admin User
with the Product Administrator role. If your user account is assigned to a custom Admin
User Role, your ability to view, modify, or execute actions on this page are based on the
permissions specified for that role.

From the main menu bar, select Help and then click the Software Library link.

Initial Configuration
You must define a location on the Agents installation where Agent installers will be saved
before you can browse the online catalog. When GoAnywhere MFT is in a clustered
environment, this location needs to be a shared location available to all nodes in the
cluster.

NOTE:
When Agents is running in a cloud hosted environment, the software storage location
is disabled and users are unable to make changes.

Click the Settings button, and then specify a location where Agent installers will be stored.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 57

Agent Installer Management / Software Library

Click Save. The Software Library's online catalog option will now be displayed.

Software Library
The Software Library lists Agent Installers that were downloaded from the Online Catalog
or imported from a local directory.

Page Toolbar

The following actions are available from the page toolbar:

l View and download available Agent installers and upgraders from the GoAnywhere
Customer Portal by clicking the Browse Online Catalog button.
l Import an Agent Installer package by clicking the Import button. This option should
be used when Agents cannot connect directly to the GoAnywhere Customer Portal.
l Change the Software Library storage location by clicking the Settings button.

Software Actions

The following actions are available by selecting the Actions icon:

l Configure an Agent installer by clicking the Configure Installer icon.

l Upgrade an Agent to the latest version by clicking the Upgrade icon.
l Delete an installer or upgrader by clicking the Delete icon.

page: 58 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Browse Online Catalog

Browse Online Catalog

The Online Catalog provides a list of Agent installers and upgraders that can be
downloaded from the GoAnywhere Customer Portal. Use the following instructions to
download an Agent package from the online catalog:

1. To download Agent installers and upgraders, log in as an Admin User with the
Product Administrator role. If your user account is assigned to a custom Admin
User Role, your ability to view, modify, or execute actions on this page are based on
the permissions specified for that role.

2. From the main menu bar, select Help and then click the Software Library link.

3. From the Software Library, click the Browse Online Catalog button. The list of
Agent Installers and upgraders for specific operating systems appears.

4. Click Download to download an installer or upgrader. The package is downloaded

to the Software Library's storage location.

5. Click the Done button to return to the Software Library.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 59

 / Configuring the Agent Installer

Configuring the Agent Installer

The Configure Agent Installer page allows Admin Users to configure a custom Agent
Installer to work with their Agents installation. Once configured, the Agent installation
software can be exported and deployed on the system that will run the Agent. On export,
the Agent installer will include the connection properties used to connect and authenticate
to Agents. The installer will also include folder and Project permissions that can be
accessed or executed on the Agent system.

1. To configure an Agent installer, log in as an Admin User with the Product

Administrator role. If your user account is assigned to a custom Admin User Role,
your ability to view, modify, or execute actions on this page are based on the
permissions specified for that role.

2. From the main menu bar, select Help and then click the Software Library link.

3. Identify an install package for the Agent's operating system, click the Actions icon,
and then select the Configure Installer icon.

4. Configure the Agent settings and then click the Generate button.

5. The custom Agent installer is downloaded to your browser's default location.

6. For instructions to install the Agent, view the GoAnywhere MFT Agent Install Guide.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 60

/ Configuring the Agent Installer

General Tab

Agent Configuration

Name
The name of the Agent that will appear on the Agent Manager page when the
Agent connects. If a name is not specified, a name will be created automatically
using the Agent Registration rules on the Agent Configuration Registration page.

Registration Code
Specify an Agent Registration Code this Agent will use to register with
GoAnywhere. Registration codes are configured on the Agent Configuration
Registration page. If no registration codes are configured on the Agent Service,
then this field can be left blank.

Shutdown Port
The TCP/IP port number on which the Agent waits for shutdown commands.

Maximum Concurrent Jobs

Specify the maximum number of concurrent Jobs that can be run at any one time
on the Agent. After the threshold is met, any additional jobs are placed in the
queue and are processed in the order they were submitted.

page: 61 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Configuring the Agent Installer

Maximum Concurrent Monitors

Specify the maximum number of concurrent Monitors that can be run at any one
time on the Agent.

GoAnywhere MFT Connection Information

Host
The host name or IP address of the Agents instance this Agent will connect to.

Port
The port number Agents connect to on the Agents instance.

Allowed Folders

By default, the Agent is provided a default read only folder on the server it is
installed on. Click the Add Folder button to add additional folder locations that can
be used by the Agent. Sub folders will inherit permissions from the defined folder
permission.

NOTE:
Folder locations can be added to an Agent after installation by adding them to
the permissions.xml file in the Agent's [Installation]\config directory. For more
information, see the GoAnywhere MFT Agent Install Guide.

Alias
The Alias for the folder location that appears in the Agent file chooser.

Path
The path to the folder location on the Agent system.

Read Only
Indicates if the Agent will have Read Only access to the folder location.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 62

/ Configuring the Agent Installer

Permissions Tab

Agents can run Projects on the server where they are installed. All Agent Project
permissions will be grouped across the Agent. For example, if FTP is allowed on
the Agent, it will be allowed for all aspects of the Agent. However, you can restrict
the type of tasks and file system resources that the Agent can utilize.

Restrict Usage
When selected, the types of tasks and file system resources the Agent can utilize
are restricted to those selected.

Allow Amazon S3
Allows the Agent to utilize the Amazon S3 Buckets Resource on the server where
the Agent is installed.

page: 63 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Configuring the Agent Installer

Allow Azure
Allows the Agent to utilize the Azure Blob Storage Resource on the server where
the Agent is installed.

Allow Database
Allows the Agent to run Database tasks on the server where the Agent is installed.

Allow Email
Allows the Agent to run Send and Retrieve Email tasks on the server where the
Agent is installed.

Allow Excel
Allows the Agent to run Read and Write Excel tasks on the server where the Agent
is installed.

Allow Execute Native Command

Allows the Agent to run Execute Native Command tasks on the server where the
Agent is installed.

Allow FileCatalyst
Allows the Agent to run FileCatalyst tasks on the server where the Agent is
installed.

Allow FTP
Allows the Agent to run FTP tasks on the server where the Agent is installed.

Allow FTPS
Allows the Agent to run FTPS tasks on the server where the Agent is installed.

Allow GoFast
Allows the Agent to run GoFast tasks on the server where the Agent is installed.

Allow Network Share

Allows the Agent to utilize the Network Shares Resource on the server where the
Agent is installed.

Allow PGP
Allows the Agent to run PGP tasks on the server where the Agent is installed.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 64

/ Configuring the Agent Installer

Allow SSH
Allows the Agent to run SSH tasks on the server where the Agent is installed.

Allow WebDAV
Allows the Agent to utilize the WebDAV Resource on the server where the Agent
is installed.

Allow Web Service

Allows the Agent to run Web Service tasks on the server where the Agent is
installed.

Allow Zip
Allows the Agent to run File Compression tasks on the server where the Agent is
installed.

NOTE:
All other standard tasks are always allowed to run on the Agent.

FIPS 140-2 Compliance Tab

When FIPS 140-2 Compliance Mode is enabled, Agents will only use FIPS 140-2
validated algorithms (ciphers) for encrypting transmissions over SSH and SSL
channels including SFTP, SCP, FTPS, and HTTPS protocols.

NOTE:
This FIPS 140-2 Compliance Mode setting applies only to Agents version
1.4.0 and later.

Enable FIPS 140-2 Compliance Mode

FIPS 140-2 Compliance Mode can be enabled or disabled. By default, the FIPS
140-2 Compliance Mode is disabled.

page: 65 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Configuring the Agent Installer

Algorithms Tab

Specify the SSL/TLS protocol versions and cipher suites to allow globally. Some
allowed protocols and cipher suites may forcibly be disabled depending on your
JVM and security provider. A JVM can disable protocols or cipher suites based on
specific algorithms or rules (for example, key lengths). Additionally, your FIPS
provider may further disable protocols and cipher suites in FIPS mode.

NOTE:
These algorithm settings apply only to Agents version 1.4.0 and later.

Protocols
Specify the SSL/TLS protocol versions to use. The column on the left displays the
disabled protocols. The column on the right displays the allowed protocols. Click to
select an option and then use the direction buttons between the columns to move
the selection to the appropriate side.

Cipher Suites
Specify the cipher suites to use. The column on the left displays the disabled
cipher suites. The column on the right displays the allowed cipher suites. Click to
select an option and then use the direction buttons between the columns to move
the selection to the appropriate side.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 66

/ Configuring the Agent Installer

Certificate Validation Tab

Specify checks to enforce when validating server and email certificates. When not
enforced, a validation check is delegated to the JVM Security Providers. Deselecting a
validation check does not necessarily mean the check will never be used.

When the Server Certificates check box is selected, validation checks are performed on
presented server certificates when Agents connects as a client to another server.

When the Email Certificates check box is selected, validation checks are performed on
tasks to validate signing and encryption certificates related to processing emails.

NOTE:
These certificate validation settings apply only to Agents version 1.4.0 and later.

CA Basic Constraints Validation

Select check box to verify that the issuer Certificate Authority (CA) certificate is marked as
a CA in its basic constraints extension.

Date Validation
Select check box to apply date validity check to server certificates and email signing and
encryption certificates.

Extended Key Usage Validation

Select check box to apply extended key usage check to server certificates and email
signing and encryption certificates. The check will validate the intended key purpose of the

page: 67 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Configuring the Agent Installer

certificate - server authentication or email protection.

Certificate Revocation Lists (CRL)

Select check box to apply CRL check to server certificates and email signing and
encryption certificates.

NOTE:
If a Certificate Revocation List (CRL) is expired and cannot be refreshed, the CRL
validation check will reject all certificates until the CRL is removed or an updated
CRL can be fetched.

Refresh Interval
If CRLs are enabled, specify how often to refresh all CRLs. Default Value: 5 minutes.

URLs
If CRLs are enabled, specify at least one URL in which to retrieve CRLs. To add more than
one URL to the table, select the Add URL link. Select the Delete button to delete a URL,
but there must be at least one URL entry if CRLs are enabled.

Implicit Trust

Specify whether or not to allow implicit trust for certain connections that support this
configuration. If set to "No", implicit trust will be globally disabled and all connections will
be required to validate certificates.

Allow Implicit Trust

Specify whether or not to allow any connections to be configured to use implicit trust (trust
all).

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 68

 Pre-Upgrade Notes /

Pre-Upgrade Notes
This section describes important upgrade considerations for Agents.

2.3.0
SQL Server JDBC Driver Update
The SQL Server JDBC driver has been updated to version 12.8. The encrypt connection
property now defaults to true when connecting to a SQL Server database via a
GoAnywhere Resource or Project Task. If the SQL Server database certificate is not in
KMS (or the JVM cacerts truststore) then the connection will fail. This can be fixed by either
adding encrypt=false to the connection URL or by importing the SQL Server database’s
certificate into KMS.

Encrypted Agent Database

In Agents 2.3.0 the database is encrypted using a random key. The initial database
encryption occurs once the Agent starts up after the upgrade to 2.3.0.

Agents will now manage their own database parameters: driverClassName, url,
username, and password. Additional parameters such as initialSize, maxActive, maxIdle,
and maxWait are still configurable.

To perform the upgrade, an Agent must have the original default values in the existing
driverClassName, url, username, and password parameters. Its local derby database
must be in the expected location: [Installation Directory]/agentdata/database/agent.

2.1.3
Network Shares Monitors
Upgrading to Agents 2.1.3 may fail if you have active monitors that use a Network Share
resource AND whose event type is File Created or Modified or File Modified. If the

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 69

Pre-Upgrade Notes /

upgrader fails you will be notified that in order to upgrade you need to disable these
monitors and re-enable them once you have upgraded. This affects monitors on both
Agents and Agent Groups.

2.0.0
The upgrade to version 2.0.0 requires Java 11. You’ll need to upgrade to Agents 1.7.0 or
later in order to switch to Java 11. To upgrade to Java 11, complete the upgrade
instructions in the following sections in this order:

l Java 11 Considerations
l Configuring Agents to Run on a Different JVM

Once the Agent is running on Java 11, proceed with upgrading to version 2.0.0.

page: 70 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Upgrading Agents /

Upgrading Agents
Agents are upgraded from the Agent Manager in GoAnywhere MFT. The Agent Manager
provides tools to automatically apply upgrades to Agents and Agent Groups.

The GoAnywhere MFT Upgrade Agents page provides Admin Users the ability to upgrade
Agents to the latest software version. When an upgrade is applied, Agents ensures the
Agent is not currently processing any Jobs before the Agent is upgraded. Once the Agent
upgrade is finished, the Agent will reconnect to Agents automatically.

1. To apply an Agent Upgrade, log in to GoAnywhere MFT as an Admin User with the
Product Administrator role. If your user account is assigned to a custom Admin
User Role, your ability to view, modify, or execute actions on this page are based on
the permissions specified for that role.

2. From the main menu bar, select Help and then click the Software Library link.

3. Click the Browse Online Catalog button to find the latest Agent upgrade package,
or import one if you have downloaded an Agent upgrader from the Agents Customer
Portal.

4. From the Software Library page, identify the upgrade package, click the Actions
icon, and then select the Upgrade Agents icon.

5. The Upgrade Agents page appears. Any outdated Agents will be selected for
upgrade. Deselect any Agents that you do not wish to upgrade at this time.

6. Click the Upgrade button. The selected Agents will be upgraded once any work on
the Agent is completed.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 71

 Java 11 Considerations /

Java 11 Considerations
Java 11 is required to use Agents. However, migrating to Java 11 requires some additional
considerations.

Updating Agent startup scripts for Java 11 on Linux and Unix systems

If your Agents are running on a Linux or Unix system, the Agent startup scripts must be
updated. Follow the steps below to update the Agent startup scripts.

1. Shut down the Agent.

2. Navigate to the Agent install directory.

3. Modify the 'agent' startup script file. Remove all occurrences of the following text: -
XX:-UseVMInterruptibleIO

4. Save the changes to 'agent'.

5. Navigate to [install directory]/bin.

6. Modify the 'agentd' startup script file. Remove all occurrences of the following text: -
XX:-UseVMInterruptibleIO

7. Save the changes to 'agentd'

8. Start the Agent.

Updating Agent Startup Scripts for Java 11 on IBM i systems

If your Agents are running on an IBM i system, the Agent startup script must be updated.
Follow the steps below to update the Agent startup script.

1. Shut down the Agent.

2. Navigate to [install directory]/os400-bin/.

3. Modify the 'start_agent.sh' file.

4. Remove all occurrences of the following text: -XX:-UseVMInterruptibleIO.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 72

Java 11 Considerations /

5. Save the changes to the 'start_agent.sh' file.

6. Start the Agent.

Updating the Uninstall Script for Linux and Unix

If your Agents are running on a Linux or Unix system running Java 11, the Agent uninstall
script must be updated before you can uninstall an Agent. Follow the steps below to
update the Agent uninstall script.

1. Shut down the Agent.

2. Navigate to the Agent install directory.

3. Modify the 'uninstall' script file.

4. Remove all occurrences of the following text: -Djava.ext.dirs="$app_java_

home/lib/ext:$app_java_home/jre/lib/ext.

5. Save the changes to the 'uninstall' file.

6. You may now uninstall Agents running on Java 11.

page: 73 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Agent Configuration /

Agent Configuration
Agents are typically pre-configured through the Configure Agent Installer screen in
GoAnywhere MFT. After an Agent is installed, the configuration can be updated on the
Agent system by modifying the Agent's XML configuration file.

To configure an Agent, open the agent.xml file from the [installdirectory]/config directory
using a text or XML editor.

The following table lists the attributes that can be updated.

Attribute Name Description

name The name of the Agent that will appear on the Agent Manager page
when the Agent connects. If a name is not specified, a name will be
created automatically using the Agent Registration rules on the
Agent Configuration Registration page.

host The host name or IP address of the GoAnywhere MFT instance this
Agent will connect to.

port The port number to use when connecting to the GoAnywhere MFT
instance.

shutdownPort The TCP/IP port number on which the Agent waits for a shutdown
commands. The default is 8015.

register Indicates whether the Agent needs to be registered when it

connects to GoAnywhere MFT. Valid values are true or false.

registrationCode The Agent Registration Code this Agent will use to register with
GoAnywhere MFT. If no registration codes are configured on the
Agent Service, then this field can be left blank.

maxThreads The maximum number of threads that the Agent is allowed to use.
The default value is 500.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 74

Agent Configuration /

SSL Attributes

The following attributes can be added to the agent.xml file in the SSL element to enable
and configure SSL to protect the channel between the Agent and GoAnywhere MFT.

Attribute Name Description

sslContextProtocol Specify the desired SSL protocol to be used for the

connection to GoAnywhere MFT. This setting
should match the SSL protocol on the SSL tab in the
Agent Configuration. The default value is TLS.

trustStore The local path to a Key Store that contains the

Agent's Private Key. This is created automatically
during installation.

trustStorePassword The password to access certificates stored in the

Key Store.

trustStorePasswordIsEncrypted A value indicating whether or not the

trustStorePassword is encrypted. To encrypt a
password, store the trustStorePassword in
plaintext, set this value to false, and then start the
Agent.

trustStoreProvider The Service Provider to use for opening this Key

Store. When no trust store provider is specified, the
default JCE one is used.

trustStoreType The type of this Key Store. The default is set to

BCFKS.

NOTE:
The Agent must be restarted for any changes to take effect.

page: 75 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Agent Configuration /

Sample agent.xml Configuration

Listed below are the contents of a sample configuration file for an Agent.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<agent host="localhost" maxThreads="100" name="Denver_001" port="8009" register="false"
registrationCode="2017" shutdownPort="8015">
<ssl sslContextProtocol="TLS" trustStore="C:\Program Files\Fortra\GoAnywhere
Agent\agentdata\keys\x509\trustedCertificates.bcfks"
trustStorePassword="*a1:gH/V7hJztIyHzFyGZbn2Bg==:zKECfpHJ4VfHcz5gGXwaVA=="
trustStorePasswordIsEncrypted="true" trustStoreProvider="" trustStoreType="BCFKS"/>
</agent>

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 76

 / Advanced Configuration

Advanced Configuration
To configure an Agent's local address and local port ranges, open the agent.xml file
located in the [installdirectory]/config directory using a text or XML editor.

The following table lists the attributes that can be updated.

Attribute Name Description

localAddress The local address to use for outgoing Agent

connections to GoAnywhere MFT.

localPortFrom The inclusive starting range port number to use when

restricting local ports for outgoing Agent connections
to GoAnywhere MFT. The localPortTo attribute must
also be specified to restrict port range. Valid values
are from 1023 to 65536.

localPortTo The inclusive ending range port number to use when

restricting local ports for outgoing Agent connections
to GoAnywhere MFT. The localPortFrom attribute
must also be specified to restrict port range. Valid
values are from 1023 to 65536.

localAddressRequestTimeout The time to wait in seconds for a local address to

become available. This attribute only applies when the
localPortTo and localPortFrom attributes are specified.
Valid values are from 1 to 240.

socketLinger A socket option indicating how long after usage of a

local socket should it stay in TIME_WAIT status.
Typically, sockets are left in a TIME_WAIT status after
connections are closed. Valid value is any number
greater than -1 (value of 0 indicates it will not wait).

reuseAddress A socket option that tells the kernel to reuse the port
even if the port is busy in the TIME_WAIT status.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 77

/ Advanced Configuration

Attribute Name Description

gofastMemoryLimit The amount of memory allocated to GoFast. If not

specified, GoFast will use up to 33% of the memory
allocated to the Agent.

gofastMemoryLimitUnit The unit of measurement for the memory allocated to

GoFast. Valid values are GB, MB, or KB.

Sample Configuration

The following is a sample advanced configuration agent.xml file for an Agent.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<agent localAddress="10.10.1.4" reuseAddress="true" socketLinger="0" localPortFrom="34000"
localPortTo="35410" shutdownPort="18015" registrationCode="" register="false" port="10009"
name="" maxThreads="500" host="10.10.20.250">
<ssl trustStoreType="BCFKS" trustStoreProvider=""
trustStorePassword="a1:gH/V7hJztIyHzFyGZbn2Bg==:zKECfpHJ4VfHcz5gGXwaVA=="
trustStorePasswordIsEncrypted="true" trustStore="C:\Program Files\Fortra\GoAnywhere
Agent\agentdata\keys\x509\trustedCertificates.bcfks" sslContextProtocol="TLSv1.2"/>
</agent>

page: 78 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Agent Permissions

Agent Permissions
To configure an Agent's runtime configuration, folder permissions, and Project Workflow
permissions, open the permissions.xml file located in the [installdirectory]/config
directory using a text or XML editor.

The following sections list the attributes that can be updated.

Runtime Configuration

To prevent system resources from being overloaded, you can limit the number of Jobs and
Monitors that can be run on an Agent at any given time.

Attribute Name Description

maxJobRuntime Specify the maximum number of concurrent Jobs that can be

run at any one time on the Agent. After the threshold is met, any
additional jobs are placed in the queue and are processed in
the order they were submitted.

maxMonitorRuntime Specify the maximum number of concurrent Monitors that can

be run at any one time on the Agent.

Folders

By default, the Agent cannot access any folders on the system where the Agent is installed.
Modify or add folder locations that can be used by the Agent.

Attribute Name Description

alias The name of the folder that will appear in GoAnywhere MFT's
Project File Chooser.

path The local path to the folder.

readOnly Set whether the Agent can write to the designated folder or read
only. Valid values are true or false.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 79

/ Agent Permissions

Sample Folder Attributes

Listed below are the contents of a sample folder configuration.

<folders>
<folder alias="temp" path="c:\temp" readOnly="false" />
</folders>

Task Permissions

Agents can run Projects on the server where they are installed. You can restrict the type of
Tasks that the Agent can execute.

Attribute Name Description

restrictTasks If set to "true", the types of Tasks the Agent can execute are
restricted to the selected Task types that follow. Valid values
are true or false.

allowDatabaseTasks Allows the Agent to run Database tasks on the server where
the Agent is installed. Valid values are true or false.

allowEmailTasks Allows the Agent to run Email tasks on the server where the
Agent is installed. Valid values are true or false.

allowExcelTasks Allows the Agent to run Excel tasks on the server where the
Agent is installed. Valid values are true or false.

allowExecNativeTasks Allows the Agent to run Execute Native Command tasks on

the server where the Agent is installed. Valid values are true
or false.

allowFileCatalystTasks Allows the Agent to run FileCatalyst tasks on the server

where the Agent is installed. Valid values are true or false.

allowFTPTasks Allows the Agent to run FTP tasks on the server where the
Agent is installed. Valid values are true or false.

page: 80 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Agent Permissions

Attribute Name Description

allowFTPSTasks Allows the Agent to run FTPS tasks on the server where the
Agent is installed. Valid values are true or false.

allowGoFastTasks Allows the Agent to run GoFast tasks on the server where
the Agent is installed. Valid values are true or false.

allowPGPTasks Allows the Agent to run PGP tasks on the server where the
Agent is installed. Valid values are true or false.

allowSSHTasks Allows the Agent to run SSH tasks on the server where the
Agent is installed. Valid values are true or false.

allowWebServiceTasks Allows the Agent to run Web Service tasks on the server
where the Agent is installed. Valid values are true or false.

allowZipTasks Allows the Agent to run File Compression tasks on the

server where the Agent is installed. Valid values are true or
false.

File System Resource Permissions

File System Resource Permission allow Agents to access file system resources using file
syntax notation. You can restrict the File System Resources that the Agent has access to.

EXAMPLE:
The syntax for referencing an Amazon S3 share is: resource:s3://[ResourceName]/
[FilePath], where [ResourceName] is the name of the Amazon S3 share Resource.

Attribute Name Description

allowAmazonS3FileSyntax Allows the Agent to utilize the Amazon S3 Buckets

Resource on the server where the Agent is installed.

allowAzureFileSyntax Allows the Agent to utilize the Azure Blob Storage

Resource on the server where the Agent is installed.

allowNetworkShareFileSyntax Allows the Agent to utilize the Network Shares

Resource on the server where the Agent is installed.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 81

/ Agent Permissions

Attribute Name Description

allowWebDAVFileSyntax Allows the Agent to utilize the WebDAV Resource on

the server where the Agent is installed.

Sample permissions.xml Configuration

Listed below are the contents of a sample permissions file for an Agent.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<permissions>
<folders>
<folder alias="temp" path="c:\temp" readOnly="false"/>
</folders>
<maxJobRuntime>20</maxJobRuntime>
<maxMonitorRuntime>20</maxMonitorRuntime>
<restrictTasks>true</restrictTasks>
<allowDatabaseTasks>true</allowDatabaseTasks>
<allowEmailTasks>true</allowEmailTasks>
<allowExecNativeTasks>true</allowExecNativeTasks>
<allowFileCatalystTasks>true</allowFileCatalystTasks>
<allowExcelTasks>false</allowExcelTasks>
<allowFTPTasks>false</allowFTPTasks>
<allowFTPSTasks>false</allowFTPSTasks>
<allowGoFastTasks>false</allowGoFastTasks>
<allowPGPTasks>false</allowPGPTasks>
<allowSSHTasks>false</allowSSHTasks>
<allowWebServiceTasks>false</allowWebServiceTasks>
<allowZipTasks>false</allowZipTasks>
<allowAmazonS3FileSyntax>false</allowAmazonS3FileSyntax>
<allowAzureFileSyntax>false</allowAzureFileSyntax>
<allowNetworkShareFileSyntax>true</allowNetworkShareFileSyntax>
<allowWebDAVFileSyntax>true</allowWebDAVFileSyntax>
</permissions>

page: 82 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Agent Security Settings

Agent Security Settings

To configure an Agent's security settings, open the security.xml located in the
[installdirectory]/config directory using a text or XML editor.

The following table lists the key attributes that can be updated.

Key Attribute Description Value

fips.enabled When FIPS 140-2 Boolean:

Compliance Mode true or false
is enabled,
GoAnywhere MFT
will only use FIPS
140-2 validated
algorithms
(ciphers) for
encrypting
transmissions over
SSH and SSL
channels including
SFTP, SCP, FTPS,
and HTTPS
protocols.

tls.disabledCipherSuites The SSL/TLS A comma

cipher suites to separated
disable globally. list of cipher
Some cipher suites suite
may forcibly be names.
disabled depending
on your JVM and
security provider.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 83

/ Agent Security Settings

Key Attribute Description Value

tls.disabledProtocols The SSL/TLS A comma

protocol versions to separated
disable globally. list of
Some protocols SSL/TLS
may forcibly be protocol
disabled depending names.
on your JVM and
security provider.

x509.implicitTrust.allowAll Whether implicit Boolean:

trust is allowed for true or false
certain connections
that support this
configuration. If
implicit trust is not
allowed, implicit
trust will be globally
disabled and all
connections will be
required to validate
certificates.

x509.server.basicConstraintChecking.enabled Verifies the Boolean:

Certificate true or false
Authority (CA) is
marked as a CA
with a valid path
length in its basic
constraints.

page: 84 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Agent Security Settings

Key Attribute Description Value

x509.email.basicConstraintChecking.enabled Verifies the Boolean:

Certificate true or false
Authority (CA) is
marked as a CA
with a valid path
length in its basic
constraints.

x509.server.dateValidityChecking.enabled Applies date Boolean:

validity check to true or false
server certificates.

x509.email.dateValidityChecking.enabled Applies date Boolean:

validity check to true or false
email certificates.

x509.server.extendedKeyUsageChecking.enabled Applies extended Boolean:

key usage check to true or false
server certificates.
The check will
validate the
intended purpose
of the certificate -
server
authentication.

x509.email.extendedKeyUsageChecking.enabled Applies extended Boolean:

key usage check to true or false
email certificates.
The check will
validate the
intended purpose
of the certificate -
email protection.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 85

/ Agent Security Settings

Key Attribute Description Value

x509.server.crlChecking.enabled Applies CRL check Boolean:

to server true or false
certificates.

x509.email.crlChecking.enabled Applies CRL check Boolean:

to email true or false
certificates.

x509.crlChecking.refreshInterval How often to Number

refresh all CRLs if
CRLs are enabled.

x509.crlChecking.urls The URLs to use A pipe '|'

for CRL checking. separated
list of URLs.

Sample Configuration

The following is a sample advanced configuration security.xml file for an Agent.

<?xml.version="1.0" encoding="UTF-9" standalone="no"?>

<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
<entry key="fips.enabled">false</entry>
<entry key="tls.disabledCipherSuites"/>
<entry key="tls.disabledProtocols"/>
<entry key="x509.implicitTrust.allowAll">true</entry>
<entry key="x509.server.basicConstraintChecking.enabled">false</entry>
<entry key="x509.email.basicConstraintChecking.enabled">false</entry>
<entry key="x509.server.dateValidityChecking.enabled">false</entry>
<entry key="x509.email.dateValidityChecking.enabled">false</entry>
<entry key="x509.server.extendedKeyUsageChecking.enabled">false</entry>
<entry key="x509.email.extendedKeyUsageChecking.enabled">false</entry>
<entry key="x509.server.crlChecking.enabled">false</entry>
<entry key="x509.email.crlChecking.enabled">false</entry>
<entry key="x509.crlChecking.refreshInterval">5</entry>

page: 86 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Agent Security Settings

<entry key="x509.crlChecking.urls"/>
</properties>

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 87

 Product Administration / Starting and Stopping Agents

Product Administration
Starting and Stopping Agents
Windows Instructions

Start the Agent by following these instructions:

1. Go to the Windows machine and logon with an administrator account.

2. Go to Control Panel > Administrative tools > Services.

3. In the Services window, right-click on GoAnywhereAgent and select Start. Within

seconds after starting GoAnywhereAgent, its status should be updated to “Started”.

Stop the Agent by following these instructions:

1. Go to the Windows machine and logon with an administrator account.

2. Go to Control Panel > Administrative tools > Services.

3. In the Services window, right-click on the GoAnywhereAgent and select Stop.

Linux and Unix Instructions

Start the Agent by following these instructions:

1. Open a Terminal window.

2. Change the working directory to the directory where the Agent is installed
(for example, cd /usr/local/Fortra/GoAnywhere_Agent/bin)

3. Start the Agent by executing the following shell script:

./agentd start

Stop the Agent by following these instructions:

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 88

Product Administration / Starting and Stopping Agents

1. Open a Terminal window.

2. Change the working directory to the directory where GoAnywhere is installed

(for example, cd /usr/local/Fortra/GoAnywhere_Agent/bin)

3. Stop the Agent by executing the following shell script:

./agentd stop

IBM i (iSeries) Instructions

Start the Agent by following these instructions:

1. Open a Terminal window.

2. Start the Agent by executing the IBM i command of GAAGENT/STRGAAGENT.

Stop the Agent by following these instructions:

1. Open a Terminal window.

2. Stop the Agent by executing the IBM i command of GAAGENT/ENDGAAGENT.

Mac OS X Instructions

Start the Agent by following these instructions:

1. Open a Terminal window.

2. Change the working directory to the directory where the Agent is installed
(for example, cd /Applications/Fortra/GoAnywhere Agent/bin)

3. Start the Agent by executing the following shell script:

./agent.sh start

Stop the Agent by following these instructions:

1. Open a Terminal window.

2. Change the working directory to the directory where the Agent is installed
(for example, cd /Applications/Fortra/GoAnywhere Agent/bin)

page: 89 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 Product Administration / Starting and Stopping Agents

3. Stop the Agent by executing the following shell script:

./agentd stop

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 90

 / Agent Logs

Agent Logs
Agents maintain logs that record the Agent's activity. The log files record a timestamp and
description of each action performed. A new log file is created each time the current log file
reaches the maximum size defined in the log configuration. The log is stored in the Agent's
[Install Directory]\agentdata\logs directory.

Change Log Level

If you encounter a problem with an Agent, a Fortra Support Specialist may ask you to
provide them a Debug Log to troubleshoot the issue.

1. Navigate to the [Install Directory]\config folder (where [Install Directory] is the

installation location for Agents.

2. Open the log4j.xml file using an XML editor or Notepad.

3. Toward the bottom of the file, change the value for <level value="INFO"> to <level
value="DEBUG">.

4. Save the changes to the log configuration and close the editor.

5. Restart the Agent for the new changes to take effect.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 91

 / Disaster Recovery

Disaster Recovery
If an Agent loses connection to GoAnywhere MFT, it will continually attempt to reestablish
a connection until GoAnywhere MFT becomes available on the IP address and port the
Agent is attempting to connect to. If GoAnywhere Gateway is being used as a load
balancer for a GoAnywhere MFT cluster, Gateway will direct the Agent connection to the
next available system in the cluster. For more information on GoAnywhere Gateway,
disaster recovery, automatic failover, and clustering, see the GoAnywhere MFT Installation
Guide.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 92

 / Configuring an Agent to Run On a Different JVM

Configuring an Agent to Run On a

Different JVM
Upgrading the External JRE

Follow your Java vendor's instructions to upgrade your external JRE. Once the JRE is
upgraded to Java 11, ensure the Java execution environment is correct.

The latest supported version of Java is bundled in the installer for Windows and Linux. If
you need to manually configure an Agent to run on a newer version of Java, follow the
steps below.

1. Shutdown the Agent.

2. Navigate to [install directory]/.install4j/.

3. Edit the file pref_jre.cfg.

4. Modify the path within pref_jre.cfg to point to the desired Java version.

Upgrading the Embedded JRE (Windows)

Use the following instructions to upgrade the embeded Java version to 11 on Windows
installations:

1. Download the appropriate Java 11 version.

2. Shut down Agents.

3. Navigate to the installation directory. By default, this is C:\Program

Files\Fortra\GoAnywhere Agent.

4. Rename the old jre folder to jre.old.

5. Create a new jre folder in the installation directory and copy the downloaded JRE
bundle into that directory.

6. Extract the contents of the JRE bundle into the current directory.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 93

/ Uninstalling Agents

Upgrading the Embedded JRE (Linux)

Use the following instructions to upgrade the embeded Java version to 11 on Linux
installations:

1. Download the appropriate Java 11 version.

2. Log in as the user account that owns the Agents installation directory and its
contents.

3. This is typically the same user account used to start and stop Agents.

4. Shut down Agents.

5. Navigate to the installation directory. For example,

/usr/local/Fortra/GoAnywhere_Agent.

6. Rename the old jre folder to jre.old.

7. Create a new 'jre' folder in the installation directory and copy the downloaded JRE
bundle into that directory.

8. Extract the contents of the JRE bundle into the current directory.
l $ gunzip linux-x86-11.tar.gz
l $ tar -xvf linux-x86-11.tar

Uninstalling Agents
This section describes how to uninstall the Agents product.

Windows uninstall instructions

Perform the following steps to uninstall the Agents product from Windows:

Step Description

1 Browse to the installation directory of Agents. The default install

directory is C:\Program Files\Fortra\GoAnywhere Agent.

page: 94 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Uninstalling Agents

Step Description

2 Run the file named uninstall.exe to uninstall the product.

Linux and Unix uninstall instructions

Perform the following steps to uninstall the Agents product from Linux:

Step Description

1 Login to the Linux system as root and open a Terminal window.

2 Change the working directory to the directory where the Agent was
installed
(for example, cd /usr/local/Fortra/GoAnywhere_Agent).

3 Stop the Agents by executing the following shell script:

./agentd.sh stop

4 Uninstall the Agents product by executing the following shell script:

./uninstall.sh

IBM i uninstall instructions

Perform the following steps to uninstall the Agents product from the IBM i:

Step Description Example Commands

1 End the Agent service. - GAAGENT/ENDGAAGENT

2 Verify that there are no locks on the - WRKOBJLCK OBJ(GAAGENT)

Agent library. Default library name is OBJTYPE(*LIB)
GAAGENT.

3 Delete the Agent library. Default - DLTLIB LIB(GAAGENT)

library name is GAAGENT.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 95

/ Uninstalling Agents

Step Description Example Commands

4 Delete the Agent folder from the IFS. - RMVLNK OBJLNK

The default main folder name is ('/fortra/gaagent/*.*')
/fortra/gaagent.
- RMVDIR DIR('/fortra/gaagent')

Mac OS X uninstall instructions

Perform the following steps to uninstall the Agents product from Mac OSX:

Step Description

1 Login to the Mac OS X system as an administrator and open a Terminal

window.

2 Change the working directory to the directory where the Agent was
installed
(for example, cd /Applications/Fortra/GoAnywhere_Agent).

3 Stop the Agents by executing the following shell script:

./agentd.sh stop

4 Uninstall the Agent product by double clicking the Agent Uninstaller

found in the /Applications/Fortra/GoAnywhere_Agent directory and
follow the prompts on the screen.

page: 96 www.goanywhere.com GoAnywhere MFT Agent Admin Guide

 / Using FTP and FTPS in Passive Mode

Using FTP and FTPS in Passive Mode

As of Agents 2.1.3, using FTP or FTPS in passive mode will cause a connection failure.

As a security best practice, the address provided in the passive reply will no longer be
trusted by default. To trust the addresses in a passive reply, set
org.apache.commons.net.ftp.ipAddressFromPasvResponse=true in the Agent system
properties file [installdirectory]/config/system.properties. This requires a restart of the
Agent.

GoAnywhere MFT Agent Admin Guide www.goanywhere.com page: 97