F/S: Reverse Proxy Forwarding - GoAnywhere Gateway

GoAnywhere Gateway is both an enhanced reverse proxy and forward proxy that provides an additional layer of security when exchanging data with your trading partners. With GoAnywhere Gateway, you can keep file sharing services (e.g. FTPS/s, SFTP, HTTPS servers) and documents safely in your private/internal network. No sensitive data needs to be stored in your DMZ. The reverse proxy feature in GoAnywhere Gateway allows you to keep inbound ports closed into your private network, which is essential for complying with PCI DSS, HIPAA, HITECH, SOX, ISO 27000 and GLBA.

When GoAnywhere Gateway is used as a forward proxy, it will make connections to external systems on behalf of users and applications in the private network. By routing outbound requests through a centralized point with GoAnywhere Gateway, you will be able to more easily manage file transfers from your firewall. The forward proxy feature additionally hides the identities and locations of your internal systems for security purposes. In essence, GoAnywhere Gateway serves as a transparent interface between internal systems and external systems without exposing sensitive files and the private/internal network.

GoAnywhere Gateway features:

No incoming ports need to be opened into the private network- reduces the risk of intrusion
No sensitive data files are stored in the DMZ
User credentials, permissions, certificates and keys are kept safe in the private network
Hides the locations and identities of internal systems
Services configurations are maintained/stored in the private network
Supports FTP, FTPS, SFTP, SCP, HTTP, HTTPS and AS2 file transfer protocols
No special hardware components required; software-only solution
Installs to Windows, Linux, AIX, UNIX and Solaris operating systems

GoAnywhere Gateway can serve as both a Reverse Proxy and a Forward Proxy. Typically GoAnywhere Gateway is installed in the demilitarized zone (DMZ) and GoAnywhere Services is installed in the private/internal network.

At startup, GoAnywhere Services creates an outbound connection to GoAnywhere Gateway, which is used as a "control channel" for passing commands and messages between the products. This control channel will initially provide the proxy details (IP and port mappings) to GoAnywhere Gateway, at which point it will start up "listeners" on the designated IPs and ports for incoming traffic.

Reverse Proxy

When an external client (trading partner) connects to a listener on GoAnywhere Gateway in the DMZ, GoAnywhere Gateway will make a request over the control channel to GoAnywhere Services in the private/internal network. GoAnywhere Services will then create a new outbound data channel to GoAnywhere Gateway. This data channel will be attached to the desired service (e.g. FTP, FTPS, SFTP, HTTP/s) and all traffic for that session will be routed over this new data channel including client authentication requests, data and commands. When the session is terminated, the corresponding data channel will be removed.

Forward Proxy

The Forward Proxy in GoAnywhere Gateway allows you to route client requests from GoAnywhere Director (in the internal network) to external FTP, FTPS, SFTP and SCP servers without revealing the identity or locations of your internal systems. The Forward Proxy is additionally used by GoAnywhere Services to route active and passive FTP and FTPS data connections through GoAnywhere Gateway.

When a process in GoAnywhere Director or GoAnywhere Services needs to make an outbound connection through the proxy, a request is made to GoAnywhere Gateway with the address of the intended destination. GoAnywhere Gateway will then establish the connection to that destination and will bridge it to the requesting system.