GoAnywhere Gateway™ can serve as both a Reverse Proxy and a Forward Proxy. Typically GoAnywhere Gateway is installed in the demilitarized zone (DMZ) and GoAnywhere MFT™ is installed in the private/internal network.
At startup, GoAnywhere MFT creates an outbound connection to GoAnywhere Gateway, which is used as a "control channel" for passing commands and messages between the products. This control channel will initially provide the proxy details (IP and port mappings) to GoAnywhere Gateway, at which point it will start up "listeners" on the designated IPs and ports for incoming traffic.
When an external client (trading partner) connects to a listener on GoAnywhere Gateway in the DMZ, GoAnywhere Gateway will make a request over the control channel to GoAnywhere MFT in the private/internal network. GoAnywhere MFT will then create a new outbound data channel to GoAnywhere Gateway. This data channel will be attached to the desired service (e.g. FTP, FTPS, SFTP, HTTP/s) and all traffic for that session will be routed over this new data channel including client authentication requests, data and commands. When the session is terminated, the corresponding data channel will be removed.
The Forward Proxy in GoAnywhere Gateway allows you to route client requests from GoAnywhere MFT (in the private/internal network) to external FTP, FTPS, SFTP and SCP servers without revealing the identity or locations of your internal systems. The Forward Proxy is additionally used by GoAnywhere MFT to route active and passive FTP and FTPS data connections through GoAnywhere Gateway.
When a process in GoAnywhere MFT needs to make an outbound connection through the proxy, a request is made to GoAnywhere Gateway with the address of the intended destination. GoAnywhere Gateway will then establish the connection to that destination and will bridge it to the requesting system.