Cerberus DMZ Proxy Gateway
Due to policy reasons outside our companies control, we are being required to switch to a FTP solution that can sit in the internal network, and that uses a DMZ proxy. The proxy sits in the DMZ and listens on 21,22,80,443, and forwards all requests to the server on the internal network. This avoids having the data on the sftp server be in the DMZ, which is a point that a lot of auditors in our industry are requiring.
There are at least 4 other ftp sofware vendor's I've identified that have a purchasable proxy agent, but none seem as good as cerberus in the other areas. I'd really like to be able to continue to use cerberus, but that would require a way to proxy SFTP traffic to it. Seems a vendor-created proxy agent might be the most common way to do that.
-
Official comment
Appreciate you all sharing this feedback with us and we'll be sure this information is passed over to the appropriate team!
Thanks.
-
This is similar to a feature request I just made but hadn't noticed Pauls suggestion.
The ability to give access to a discrete set of users to live data while meeting security and audit requirements is huge. Having a native Cerberus client that addresses these needs would be a massive help. Done correctly we wouldn't need to use a DMZ as the security could work similarly to a VPN client.
That should meet all the auditors needs as it's always about who has access to what data and when did they get it.
0 -
Here a diagram on how I've seen other vendors do it:
- Edge firewall between clients and the Gateway server in the DMZ.
- Gateway / proxy sits in the DMZ
- internal firewall between DMZ and internal network.
- Main FTP servers sits in the internal network.
1 -
Hello Dana Anderson,
is there any update for this feature request? I am also interested in being able to set up a proxy gateway in DMZ for Cerberus FTP server.
Regards,
Milosz0 -
Hello Milosz,
I have seen movement around this enhancement fairly recently, but I don't have any material updates to share on the current status on when this may make it to Cerberus on some level at this time. Do feel free to reach out in the future about this!
0
Please sign in to leave a comment.
Comments
5 comments