DMZ Gateway® – Different by Design
What is DMZ Gateway?
DMZ Gateway is a multi-platform solution that works in conjunction with the EFT™ platform and/or Mail Express to create a multi-layered security solution for data storage and retrieval, authentication, and firewall traversal. Using a two-way connection that originates inside EFT/Mail Express, DMZ Gateway acts as a communication proxy for processing requests, replacing the inherently insecure inbound connections from the demilitarized zone (DMZ) to your network.
How is Globalscape’s DMZ Gateway Different?
Unlike store-and-forward technologies, our DMZ Gateway does not store or process data. It acts as a liaison between external connections and your internal network, ensuring that your data remains safe behind the firewall for EFT or Mail Express to store and process. Your data remains secure because it’s never stored in the DMZ.
DMZ Gateway Provides Security and Efficiency at the Same Time
With DMZ Gateway you no longer have to choose between security and efficiency. DMZ Gateway provides the following benefits:
- Facilitates compliance with mandates such as PCI DSS requirement §1.3.7 that forbid storage of sensitive data in the demilitarized zone (DMZ).
- Eliminates the need for file encryption, store-and-forward systems, or polling for changes to secure data in the DMZ.
- Eliminates the need for a file transfer system in the DMZ or for exposing any part of your network to the DMZ, such as AD services for user authentication or SQL services for auditing.
- A single outbound connection greatly reduces overhead compared to traditional proxy and firewall configuration.
- Saves time and reduces points of failure compared with traditional store-and-forward or polling for changes. Data is made available to back-end systems in real time.
How does DMZ Gateway work?
DMZ Gateway resides in the DMZ. EFT and Mail Express reside inside your network and initiate a persistent session with the DMZ Gateway.
When a client connects to the DMZ Gateway, DMZ Gateway will notify EFT/Mail Express over the pre-established session. Subsequently, EFT/Mail Express will initiate another outbound session to the DMZ Gateway, and the DMZ Gateway then connects this new session and the client’s session. From that point forward, all client and server communications are streamed through DMZ Gateway to EFT/Mail Express.
From the client's viewpoint, it appears as if the back-end EFT platform and Mail Express reside inside the DMZ, when they are actually located securely behind your corporate firewall. No transferred data resides in the DMZ (not even temporarily), client authentication takes place in EFT or Mail Express, and no inbound holes are punched through your internal network firewall.
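The connection sequence described above can be reproduced on the loopback interface. The following is an added example, not Globalscape's code or wire protocol: the function names and the `NEW` notification message are assumptions made for illustration. It shows that both back-end sessions are dialed outbound and that the gateway only relays bytes.

```python
import socket
import threading

def pipe(src, dst):
    # Relay bytes one way; the gateway keeps nothing on disk.
    try:
        while (chunk := src.recv(4096)):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        dst.close()

def listener():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))   # ephemeral loopback port for the demo
    s.listen()
    return s

def gateway(peer_lsn, client_lsn):
    control, _ = peer_lsn.accept()    # persistent session opened from inside
    client, _ = client_lsn.accept()   # external client arrives in the DMZ
    control.sendall(b"NEW\n")         # notify back end (hypothetical message)
    data, _ = peer_lsn.accept()       # back end dials out a second session
    threading.Thread(target=pipe, args=(client, data), daemon=True).start()
    pipe(data, client)                # splice the two sessions together

def backend(gw_addr):
    control = socket.create_connection(gw_addr)    # outbound only
    if control.recv(16) == b"NEW\n":
        data = socket.create_connection(gw_addr)   # outbound again
        request = data.recv(4096)
        # Authentication and storage would happen here, behind the firewall.
        data.sendall(b"backend handled: " + request)
        data.close()
    control.close()

def demo(payload=b"USER alice"):   # constructed sample request
    peer_lsn, client_lsn = listener(), listener()
    threading.Thread(target=gateway, args=(peer_lsn, client_lsn), daemon=True).start()
    threading.Thread(target=backend, args=(peer_lsn.getsockname(),), daemon=True).start()
    c = socket.create_connection(client_lsn.getsockname())
    c.settimeout(5)
    c.sendall(payload)
    reply = c.recv(4096)
    c.close()
    return reply

if __name__ == "__main__":
    print(demo())
```

Note that `backend` never calls `listen()` or `accept()`: the internal firewall only needs to permit outbound connections to the gateway's peer port.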
DMZ Gateway Feature Highlights
- No inbound holes through the network firewall
- No data is ever stored in the DMZ; data streams to the back-end EFT/Mail Express
- Virtual authentication—DMZ Gateway acts as a proxy for authentication
- Supports all protocols allowed by EFT (FTP/S, SFTP, HTTP/S and AS2) and Mail Express (HTTPS)
- Transparent to your partners: EFT’s and Mail Express's services are virtualized in the DMZ
- No storage, synchronization, or replication of user database needed in the DMZ
- Support for Linux, Solaris, and Windows operating systems
DMZ Gateway can map and route connections to all other EFT sites on the network and Mail Express, which not only reduces your total cost of ownership, but also simplifies network maintenance.