GoAnywhere Gateway

Typically, GoAnywhere Gateway is located within the DMZ and is installed in the private/internal network.

MFT creates an outbound connection to Gateway, which is used as a “control channel” for passing commands and messages between products. This control channel will initially provide the proxy details (IP and port mappings) to GoAnywhere Gateway.

BlueFinch-ESBD

What is GoAnywhere Gateway ?

GoAnywhere Gateway is an enhanced reverse and direct proxy that provides organizations with an additional layer of security for data exchange with trading partners. 

With GoAnywhere Gateway, file sharing services can be kept securely within your private network, without exposing sensitive data to your DMZ. Connections can be made to external systems on behalf of private network users.

Key Features:

  • GoAnywhere Gateway keeps sensitive files out of the DMZ outside the DMZ while protecting your private network.

 

  • GoAnywhere Gateway helps you comply with compliance with regulations such as RGPD, HIPAA, PCI DSS, SOX, etc.
BlueFinch-ESBD
BlueFinch-ESBD

Environment

The MFT solution works in any environment or operating system. GoAnywhere Gateway is a platform independent software solution. Install it on Windows, Linux, AIX, UNIX or other operating systems to enforce file security in the environment that works best for you.

BlueFinch-ESBD

connection

As a forward proxy, GoAnywhere Gateway can establish connections to external systems on behalf of users and applications on the private network. This allows you to more easily manage file transfers from your firewall. In addition, the identities and locations of your internal systems are hidden for better security.

BlueFinch-ESBD

DMZ

Files can be securely shared with business partners, users, customers, and vendors, while preventing critical documents or files from being stored, even temporarily, in your DMZ.

BlueFinch-ESBD

Network

Your file servers (e.g., FTPS, SFTP, HTTPS, and AS2) can be kept securely within your internal network. This allows you to keep inbound ports to your network closed, which is essential to comply with data security standards such as PCI DSS, HIPAA, HITECH, SOX, ISO 27000 and GLBA.

Interested in adding GoAnywhere Gateway to your security arsenal?

Ask our experts to test GoAnywhere MFT and discover all the benefits of GoAnywhere Gateway.

How does it work?

BlueFinch-ESBD

Reverse Proxy

GoAnywhere Gateway acts as a "front end" and hides the use of folders as it does for services (FTP/S, SFTP, HTTPS). When trading partners need to exchange data with your company, they will be able to connect with GoAnywhere Gateway. GoAnywhere Gateway will then attach these two requests to the appropriate services on the private network. All additional data channels are opened from the private network and through GoAnywhere Gateway, requiring no inbound ports.

BlueFinch-ESBD

Forward Proxy

GoAnywhere Gateway will connect to external systems on behalf of users and applications on the private network. By routing requests through a central point with GoAnywhere Gateway, you can more easily manage your firewall forwarding more easily. For security purposes, the forward proxy hides the identities and location of your system.

Load balancing

GoAnywhere Gateway can serve as a load balancer to distribute workloads among multiple GoAnywhere MFT installations within a cluster, as well as among other systems on your network.

If one system were to fail in the cluster, GoAnywhere Gateway would send all new trading partner connections to the other systems in the cluster.

This active-active structure provides greater availability for mission-critical environments.

FTP, FTPS, and SFTP will use the round-robin algorithm to load-balance connections across systems in the cluster.

For each new connection from a trading partner, GoAnywhere Gateway will distribute that session to the next FTP/FTPS/SFTP server (in sequential order) within the cluster.

This provides organizations with a high level of protection for shared file transfers between their systems, business partners, employees and the cloud.

HTTP/S is a stateless protocol that also uses the round-robin algorithm.

The HTTPS protocol defines the format of the messages through which Web browsers communicate and determines how a browser should respond to a Web request. It is a stateless protocol, which means that each instance of communication is treated as an independent event and no session information from previous requests is retained by the receiver.

This protocol allows each connection to the same HTTP/S server to be maintained to ensure session integrity.

This is important because the user's HTTP/S session can usually only be handled by one HTTP/S server at a time.