GlobalSCAPE Knowledge Base

If DMZ Gateway Server hands all traffic to EFT Server on the inside network, wouldn’t this be seen as a risk and defeat the objective of having the DMZ Gateway broker connections?

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server (All Versions)
  • DMZ Gateway

QUESTION

If DMZ Gateway Server hands all traffic to EFT Server on the inside network, wouldn’t this be seen as a risk and defeat the objective of having the DMZ Gateway broker connections?

ANSWER

If you configure the IP Access Restriction list on EFT Server, DMZ Gateway blocks the traffic on those IP addresses, including IP addresses added to the "Auto-Ban" list for traffic sensitivity. In other words, on EFT Server, if you block IP addresses (or if they automatically get added to the blocked list for banned IPs), DMZ Gateway blocks the traffic at the gateway and does NOT forward the "garbage" traffic on to EFT Server. In this way, DMZ Gateway supports the "Anti-DOS/Flooding" capability of EFT Server.

DMZ Gateway restricts connections based on IP address only. Any other form of packet analysis would require decrypting the traffic at the DMZ Gateway, which would negate the advantage of end-to-end security between client and server. DMZ Gateway is a connection broker, not a firewall, packet inspector, IPS (Intrusion Prevention System), or any similar device.

Details
Last Modified: 13 Years Ago
Last Modified By: GlobalSCAPE 5
Type: FAQ