Filter by Category

What is a DMZ and Why Do You Need a DMZ Secure Gateway?

Secure your file transfers and servers with DMZ secure gateway software

If you’ve watched a science-fiction movie about space travel, then you’ve likely seen some version of a scene in which an astronaut reenters their ship from the outside abyss. Because the ship exists as a haven from the dangerous environment of empty space, the astronaut cannot simply open the door and stroll directly into the cockpit. To do so would compromise the human-compatible environment of the Millennium Falcon or USS Enterprise.

Instead, the astronaut first enters an outside chamber, which is sealed off from the main vessel. After the doors reseal securely behind them, pressure returns to normal, the air is filled with oxygen, and the astronaut can open the doors to rejoin Spock or Han Solo.

No doubt that your organization is also exploring frontiers and executing daring missions. However, your light-speed travel most likely happens across internet connections rather than galaxies. Even so, data files may enter and exit your internal system in a similar way to an astronaut and their ship: through a DMZ.

What does a DMZ do?

In today’s business world, exchanging files with customers and trading partners is essential; this makes data security an even more pressing challenge. A DMZ (Demilitarized Zone) functions somewhat like the chamber that allows space travelers to enter and reenter the ship without compromising its safety. It’s the neutral network that resides between your company’s private network and the Internet, containing asteroids, aliens, and other dangers.

How does a DMZ work?

An organization’s DMZ typically contains web servers, FTPS, SFTP, and HTTPS servers, as well as other services it wants to make available to customers and trading partners. To serve the organization’s purpose, these services need access to the files that will be shared with partners.

Like the double airlocks of a spaceship’s chamber, the DMZ limits files on both ends. The DMZ is provisioned with a front-end firewall that limits inbound Internet traffic to certain systems within its zone. On the back end, another firewall is placed to prevent unauthorized access from the DMZ into the private network.

A DMZ serves as a staging area between an organization’s private network and Internet. In order to share a document with a trading partner, an internal program or employee can first copy the file from the private network onto a server in the DMZ. The partner can then download the file from that server using FTPS, SFTP, or HTTPS. Trading partners can also share files with the organization by uploading to a server in the DMZ through a similar process.

Is the DMZ dangerous?

Staging files in a publicly accessible DMZ comes with vulnerabilities.

For example, if attackers gain entry to a file server in the DMZ, they may be able to access user credentials or sensitive trading partner files that were placed there, encrypted or not. In fact, data security compliance auditors are increasingly prohibiting data storage in the DMZ. Also at risk is your file sharing software, especially if it’s administered from the DMZ itself. An attacker could create a "back door" user account into an SFTP server through its admin console, and this seemingly "legitimate" user could then be used to gather sensitive data files over time.

For a limited time, use GoAnywhere's remote collaboration tools free for 90 days

An organization may react to these threats by moving its file sharing services (e.g. FTPS servers or SFTP servers) and sensitive data files from the DMZ into its private network. However, the private network’s inbound ports would traditionally need to be opened, which in turn creates an entirely new set of potential exposures and compliance issues.

Why do you need a DMZ secure gateway?

A DMZ secure gateway, like GoAnywhere Gateway, allows files to be shared without ever being stored in the DMZ or having to open inbound ports. It solves security concerns by allowing an organization to move file sharing and other public services from the DMZ into the private network. This software is stored on a hardened server in the DMZ and includes forward and reverse proxy services. To your trading partners, the process will appear to use the same protocols and ports as before.

GoAnywhere's DMZ secure gateway and DMZ proxy

Internal users can make connections to external systems while hiding the identities and locations of the internal systems for security purposes. When a trading partner wants to initiate a file exchange, the gateway will connect to the partner without opening any inbound ports. This makes the gateway like a "middle man" that acts between the user and the external server.

Learn more about these secret weapons of data security

Keep files moving in and out of your organization while protecting the mothership. Live long and prosper! For more information, download the entire complementary white paper on DMZ.

Download the DMZ Guide

Latest Posts


How Do I Securely Share and Send Large Files?

June 30, 2020

The biggest danger of passing notes in grade school was interception by your teacher (or a box checked “no”) but sending large files these days carries a lot more risk. Messages that you’re…


How a Data Security Breach Puts Your Organization at Risk

June 25, 2020

Data breaches are, unfortunately for organizations everywhere, becoming likely events rather than worst-case scenarios, as more and more organizations are learning. There are a variety of safeguards…


Do You Need an MFT Agent?

June 23, 2020

Do You Need an MFT Agent?Put your dark sunglasses away. An MFT agent is not going to negotiate a multi-million-dollar deal or book you on that late-night talk show. An MFT agent will, however,…


What's the Difference? AS3 vs. AS4

June 16, 2020

If you have ever delved into the Applicability Statement family tree, you may know that AS3 and AS4 don’t have much in common. But what makes these two ostensibly sequential protocols similar, and…