Globalscape Firewall

: Unlike traditional setups, the internal EFT server initiates a persistent outbound connection to the DMZ Gateway (the Peer Notification Channel).

Because the EFT Firewall is a purpose-built appliance/module, it does not run a general-purpose operating system (like Windows or Linux) in the traditional sense for the proxy layer. This removes the need to patch general OS vulnerabilities in the DMZ, significantly reducing the maintenance burden and attack surface. globalscape firewall

Globalscape firewall configurations revolve around securing the platform, primarily through the use of the DMZ Gateway . This architecture eliminates the need for inbound firewall holes from the DMZ to your internal network by using a specialized "streaming" proxy. Core Architecture: The DMZ Gateway : Unlike traditional setups, the internal EFT server

| Source | Destination | Port | Protocol | Reason | |--------|-------------|------|----------|--------| | Any | DMZ Gateway | 21 | TCP | FTP (if allowed) | | Any | DMZ Gateway | 990 | TCP | FTPS implicit | | Any | DMZ Gateway | 443 | TCP | HTTPS web client | | Any | DMZ Gateway | 22 | TCP | SFTP | | Any | DMZ Gateway | 50000-50100 | TCP | FTP passive data | : Unlike traditional setups