DMZ Gateway® is a multi-platform solution that works in conjunction with Globalscape EFT to create a multi-layered security solution for data storage and retrieval, authentication and firewall transversal. Using a two-way connection originating from the back-end (internal) EFT, the DMZ Gateway acts as a communication proxy to process requests that replaces inherently insecure inbound connections from the Demilitarized Zone (DMZ) to your network.
How Does DMZ Gateway Work?
DMZ Gateway resides in the DMZ. EFT resides inside your network and initiates a persistent outbound (east-west) session with the DMZ Gateway.
When a client (partner) connects to the DMZ Gateway, DMZ Gateway will notify EFT over the pre-established session. Subsequently, EFT will initiate another outbound session to the DMZ Gateway, and the DMZ Gateway then glues together this new session and the client’s session. From that point forward, all client and server communications are streamed through DMZ Gateway to EFT.
From the client’s view point, DMZ Gateway makes the back-end EFT appear to be inside the DMZ, when EFT actually resides securely behind your corporate firewall. No transferred data resides in the DMZ (not even temporarily), client authentication takes place on the back-end EFT, and no firewall holes are punched through your internal firewall in the wrong direction.
You don’t need to choose between top security and being efficient. With DMZ Gateway, you can have both.
- Facilitates compliance with mandates that forbid storage of sensitive data in the demilitarized zone (DMZ).
- Eliminates the need for compensating methods of securing data in the DMZ, such as file encryption, store-and-forward systems, or polling for changes.
- Eliminates the need for a file transfer system in the DMZ or for exposing any part of your network to the DMZ, such as Active Directory services for user authentication or SQL services for auditing
- Ability to configure secure PNC for remote administration of EFT over MX protocol
- Updated support for non-Windows operating systems
- DMZ Gateway can map and route connections to all EFT Sites to not only reduce your total cost of ownership, but also simplify network maintenance.
- Single outbound connection means greatly reduced overhead as compared to traditional proxy and firewall configuration.
- Save time and reduce points of failure over traditional store-and-forward or polling for changes.
- Data is made available to back-end systems in real-time.
- No inbound (west to east) holes through the network firewall
- No data is ever stored in the DMZ – Data streams to the back-end EFT
- Virtual authentication – DMZ Gateway acts as a proxy for authentication
- Supports all protocols allowed by EFT (FTP/S, SFTP, HTTP/S and AS2)
- Transparent to your partners – EFT services are virtualized in the DMZ
- No storage, synchronization, or replication of user database needed in the DMZ