THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server (All Versions)
- DMZ Gateway
If DMZ Gateway Server hands all traffic to EFT Server on the inside network, wouldn’t this be seen as a risk and defeat the objective of having the DMZ Gateway broker connections?
If you configure the IP Access Restriction list on EFT Server, DMZ Gateway blocks traffic from those IP addresses, including IP addresses added to the "Auto-Ban" list for traffic sensitivity. In other words, if you block IP addresses on EFT Server (or if they are automatically added to the list of banned IPs), DMZ Gateway blocks the traffic at the gateway and does NOT forward the "garbage" traffic to EFT Server. In this way, DMZ Gateway supports the "Anti-DOS/Flooding" capability of EFT Server.
DMZ Gateway restricts connections based on IP address only. Any other form of packet analysis would require decrypting the traffic at the DMZ Gateway, which would negate the advantage of end-to-end security between client and server. DMZ Gateway is a connection broker, not a firewall, packet inspector, Intrusion Prevention System (IPS), or similar device.