A cluster gateway allows a Broker in one cluster to retrieve information from Brokers in another cluster. You can set up ACLs on a cluster gateway so that the Broker requesting information from a cluster other than its own must be granted authorization to receive data.

When you set up a cluster gateway ACL, the user name ACL on the local gateway contains one entry: the basic authentication identity or SSL identity of the Broker Server on which the remote gateway resides. After permission is granted, information flows from the remote Brokers on the other side of the gateway.

Normally, when you configure for SSL authentication, you do not need to attach an authenticator name ACL to a cluster gateway. However, if the Broker identity from the other cluster used a different certification authority, then you must import the trusted root of each cluster into the truststore of the other.