DMZ Gateway, when combined with the EFT Server, adds a multi-layered security solution that allows implementing the highest levels of security for data storage and retrieval, authentication and firewall transversal. Using a two-way connection originating from the back-end (internal) EFT server, the DMZ Gateway acts as a communication proxy to process requests that replaces inherently insecure inbound connections from the DMZ to your network.
How does it work?
The DMZ Gateway resides in the Demilitarized Zone (DMZ). EFT Server initiates a secure session with the DMZ Gateway in an outbound (east-west) connection. The Gateway then forwards all incoming client communications and data to the back-end EFT Server. The DMZ Gateway makes the back-end EFT Server appear to be inside the DMZ. In actuality, EFT Server resides securely behind your corporate firewall. No data resides in the DMZ, authentication takes place on the back-end EFT Server, and no firewall holes are punched through your internal firewall in the wrong direction.
DMZ Gateway Feature Highlights
No data is ever stored in the DMZ – data streams to the back-end EFT Server
No requirement for inbound (west – east) holes through the firewall separating the DMZ from the internal network; instead EFT Server initiates an east-west connection to the DMZ Gateway.
Virtual authentication – DMZ Gateway acts as a proxy for authentication and directory listings to the back-end EFT server
Supports all protocols allowed by the EFT Server providing complete FTPS (SSL) and SFTP (SSH2) termination
Transparent to your partners – The EFT Server, data repository and authentication database(s) all appear to be in the DMZ while actually residing safely in the back-end EFT Server
No storage, synchronization or replication of user database needed in the DM