Progress® MOVEit® Gateway provides a DMZ proxy function that enables deployments of Progress® MOVEit® Transfer within secured networks (behind the firewall). This supports the advanced compliance requirements often associated with data protection regulations such as GDPR, HIPAA and PCI-DSS.
What is MOVEit Gateway?
MOVEit Gateway provides a multi-layered security approach that enables deployments of MOVEit Transfer within secured networks (behind the firewall). This helps to prevent data storage, authentication and file transfer activities from occurring in the DMZ network segment. When external regulations or internal security and compliance policies require the highest levels of security for data transmissions beyond your internal network, MOVEit Gateway helps:
• Terminate inbound connections in the DMZ network from the public network
• Secure data within the trusted network—no data is stored in the DMZ network
• Keep authentication requests and authorization decisions within your trusted network as opposed to the DMZ network
Deployment
MOVEit Gateway acts as a proxy between inbound connections from the public network and your internal trusted network. MOVEit Transfer is deployed behind the firewall in your secure network so that file transfer tasks are protected behind multiple layers of security.
How it Works
When the Gateway service is started, it creates a secure tunnel to handle all communications between itself and the MOVEit Transfer server. Client SFTP and FTP/S authentication requests are terminated at MOVEit Gateway and formulated into a similar request between MOVEit Gateway and the MOVEit Transfer server. The response from the MOVEit server is again decrypted and reformed into a similar response which is then encrypted and sent back to the client.
The same process is used for authentication and file transfer, so all inbound connections are terminated at the Gateway, and all outbound connections originate at the Gateway in the DMZ.
Security Benefits
Facilitates compliance with mandates, such as PCI DSS requirement §1.3.6, which states that protected data should not be stored in the DMZ network.
Eliminates the need to expose secured network resources and authentication services, such as Active Directory (AD) or auditing data, to the DMZ network.
Note: This information has been sourced from the product vendor’s official website. While we strive to keep all content up to date, we cannot guarantee accuracy if the vendor makes changes without notifying us.