The Advantages of Using a Forward and Reverse Proxy
There are many free ways to implement file transfer in an organisation, from using inbuilt FTP daemons on a Unix
What these products have in common is that connections are passed directly through to the server. If the server is sited in a DMZ, then connections pass over the external firewall, but all the data and account credentials are stored in the DMZ. Alternatively, if the server is located in the secure “internal” network zone, firewall ports would need to be opened up directly from the internet into this network zone which may violate internal security policies.
Modern MFT solutions approach this problem in one of two ways. Some products are designed to sit inside the DMZ and encrypt data at
The other which is by far the most popular
A proxy server based in the
Outbound connections from
If you implement a proxy server there are also a few added benefits which may not be immediately obvious.
Forward Proxies are useful for performing NATing.
Upgrading key solutions like MFT can be a disruptive process and it is not uncommon for Pro2col to come across MFT servers which have not been upgraded for over 5 years as a direct result of the impact and downtime upgrading would have. If a server is using a proxy server, then a new MFT server can be installed next to the out of date MFT server, and
Many organisations have a security policy of data not being stored in the DMZ and using a proxy server can enable the MFT server to stay in the secure part of your network without routing internet traffic
PCI DSS regulations amongst others stipulate that credit card data cannot be stored in the DMZ, even if it is encrypted. Using a proxy plus the reporting features of MFT enables compliance.