Hi Charles
Thanks for your response! yes we're running 9.1 and i'm auditing the request.mainpart (added now in separate audit) but it's still empty (also in audit logs).
I see one execution for each sftp command. All 3 scenarios (A, B and C) below invoke the service debugger. See screenshot below:
A: From client execute an 'ls' which should list the remote directory. This fails as there is no remote sftp exposed directory.
B & C: Trying to upload a file to the Gateway. Both fail with same error 'Couldn't get handle: Failure'.
My conclusion would be that this is not possible as the exposed policy on the gateway does not speak the sftp protocol. And the gateway can only be used to proxy sftp traffic, so there is always a separate sftp server needed.
I hope you can tell me that my conclusion is wrong
In your sample policy, you connect to an external sftp server and the gateway is playing the role of an sftp client.