How does authentication take place between clients and EFT Server through the DMZ Gateway?


  • EFT Server (All Versions)
  • DMZ Gateway Server (All Versions)


When connecting to EFT Server via DMZ Gateway Server, how does authentication take place?


Authentication is delegated to the back-end EFT Server. It is as if the client were logging in directly to the EFT Server from the internal network. The DMZ Gateway Server essentially acts as if it were a Layer 3 router and simply routes data from the client to the EFT Server.

The basic, general sequence is shown below. It assumes that EFT Server has already established the Peer Notification Channel (PNC) to the DMZ Gateway. (The PNC is the outbound-initiated, two-way socket connection used for communication, typically on port 44500 on the DMZ Server.)

  1. Client makes socket connection to DMZ Gateway.
  2. DMZ Gateway Server sends notification message to EFT Server using PNC.
  3. EFT Server opens a new outbound connection to DMZ Gateway Server.
  4. DMZ Gateway Server "glues together" the client socket with the EFT Server socket established in step 3. At this point the DMZ Gateway simply routes data between the client and EFT Server.
  5. Client and EFT Server proceed as if the client were connected directly to the EFT Server.
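
The five steps above can be reproduced on localhost with a small simulation. This is an added example, not Globalscape code: the one-byte `N` notification, the `user:password` line protocol, the use of one back-end-facing listener for both the PNC and the step 3 connection, and all function names are assumptions made for illustration.

```python
import hmac, socket, threading

USERS = {"alice": "s3cret"}  # constructed credentials; only the back end holds them

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # ephemeral port for the demo
    s.listen()
    return s

def pipe(src, dst):
    """Gateway data path: copy bytes one way without inspecting them."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)  # propagate end-of-stream
    except OSError:
        pass

def gateway(client_lsn, eft_lsn):
    pnc, _ = eft_lsn.accept()        # PNC, opened earlier by the back end
    client, _ = client_lsn.accept()  # step 1: client connects
    pnc.sendall(b"N")                # step 2: notify over the PNC
    eft, _ = eft_lsn.accept()        # step 3: new connection from the back end
    threading.Thread(target=pipe, args=(client, eft), daemon=True).start()
    pipe(eft, client)                # step 4: sockets glued together

def backend(eft_port):
    pnc = socket.create_connection(("127.0.0.1", eft_port))   # outbound PNC
    pnc.recv(1)                                               # wait for step 2
    conn = socket.create_connection(("127.0.0.1", eft_port))  # step 3, outbound
    with conn, conn.makefile("rw", encoding="utf-8") as f:    # step 5: authenticate
        user, _, pw = f.readline().strip().partition(":")
        ok = user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode())
        f.write("OK" if ok else "DENIED")

def login(user, pw):
    """Run one client session through a fresh gateway/back-end pair."""
    client_lsn, eft_lsn = listen(), listen()
    threading.Thread(target=gateway, args=(client_lsn, eft_lsn), daemon=True).start()
    threading.Thread(target=backend, args=(eft_lsn.getsockname()[1],), daemon=True).start()
    addr = ("127.0.0.1", client_lsn.getsockname()[1])
    with socket.create_connection(addr, timeout=5) as c:
        c.sendall(f"{user}:{pw}\n".encode())
        return c.recv(1024).decode()
```

In this model the gateway function never reads `USERS` and never accepts a connection it initiated toward the back end, which is why the firewall between the DMZ and the internal network only needs to permit outbound connections from the back end.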