MOVEit Gateway acts like a reverse proxy to provide an additional layer of security for MOVEit Transfer customers. Inbound traffic cannot come through the firewall into the trusted zone; all user sessions terminate in the MOVEit Gateway network segment. The outward-facing portion of the network (typically the Internet) is separated from the MOVEit Transfer server, which is typically behind a firewall in a trusted zone on a local private network. MOVEit Gateway exchanges authentication, credentials, files, and other data between remote clients and a MOVEit Transfer server (Endpoint) located in the trusted zone. You do not need open ports in your firewall to allow clients to communicate with MOVEit Transfer.
How it Works
During installation, a secure SSH tunnel is created from the MOVEit Transfer server to the MOVEit Gateway computer (or virtual machine). MOVEit Gateway then runs as a Windows Service that provides reverse proxies and forwards only encrypted traffic to the MOVEit Transfer server over the tunnel. All communications between the client and server session are encrypted and streamed through this connection. MOVEit Gateway inspects all requests and, if they look valid, forwards them to the MOVEit Transfer server (Endpoint) for fulfillment. Responses from MOVEit Transfer are sent back to MOVEit Gateway, which returns them to the user. This process is invisible to incoming clients.
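Because the tunnel is opened from the MOVEit Transfer server outward, a firewall rule set for this layout should let nothing initiate a connection into the trusted zone. The check below is an added example, not part of the MOVEit documentation or product. It assumes a stateful, first-match firewall with a default deny, and the zone names, rule format and port numbers are constructed.

```python
from dataclasses import dataclass

ANY = "*"          # wildcard for a zone or a port
OTHER = "other"    # stands for every port that no rule names explicitly
TUNNEL_PORT = 22   # constructed value; use the port your tunnel is configured on

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    src: str       # zone that initiates the connection
    dst: str       # zone that accepts the connection
    port: object   # destination port (int) or ANY

def decide(rules, src, dst, port):
    """First matching rule wins; no match means deny."""
    for r in rules:
        if r.src in (ANY, src) and r.dst in (ANY, dst) and r.port in (ANY, port):
            return r.action
    return "deny"

def inbound_exposure(rules, trusted="trusted", outside=("internet", "dmz")):
    """List (zone, port) pairs that can open a connection into the trusted zone.
    Ports not named by any rule behave identically, so OTHER probes them all."""
    named = sorted({r.port for r in rules if r.port != ANY})
    return [(zone, port) for zone in outside for port in named + [OTHER]
            if decide(rules, zone, trusted, port) == "allow"]

def tunnel_allowed(rules):
    """The only flow the design needs across the inner firewall: trusted -> dmz."""
    return decide(rules, "trusted", "dmz", TUNNEL_PORT) == "allow"

# Constructed rule sets: the intended layout, and one with a leftover inbound rule.
GOOD = [
    Rule("allow", "internet", "dmz", 443),
    Rule("allow", "trusted", "dmz", TUNNEL_PORT),
    Rule("deny", ANY, "trusted", ANY),
]
BAD = [Rule("allow", "dmz", "trusted", 443)] + GOOD

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "tunnel ok:", tunnel_allowed(rules),
              "inbound exposure:", inbound_exposure(rules))
```
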
MOVEit Gateway supports the following protocols:
The MOVEit Gateway Configuration Interface provides an easy way to configure and manage these reverse proxies, their port and connection details, and current running status.
All clients supported by MOVEit Transfer are also compatible with MOVEit Gateway:
MOVEit Gateway also supports single, high availability, and web farm environments.