ActiveTransfer Server 10.11 | webMethods ActiveTransfer Documentation | Administering ActiveTransfer Gateway | Understanding ActiveTransfer Gateway | Overview
 
Overview
If your ActiveTransfer Server resides behind a firewall and does not accept communications from external clients through a DMZ, you can configure a dedicated ActiveTransfer Gateway that permits the internal ActiveTransfer Server to process requests from external clients. With an ActiveTransfer Gateway placed in the DMZ, users can establish a connection with a server inside a firewall using any of the protocols that ActiveTransfer supports.
If the client connections to ActiveTransfer Server are routed using an ActiveTransfer Gateway, the internal firewall is required to open only the connections required from ActiveTransfer Server to ActiveTransfer Gateway (that is, outbound connections from the internal network to the DMZ). There is no need to open inbound connections in the firewall from the DMZ to the internal network. By limiting the connections to only those established by the internal server, the Gateway architecture makes it extremely difficult for an attacker to directly penetrate the internal network, even if the attacker manages to subvert a system within the DMZ.