) serves as a buffer. In a standard file transfer scenario, an external client attempting to upload sensitive financial or personal data would typically require an open inbound port through the corporate firewall. This creates a significant "attack surface." The Globalscape proxy mitigates this by residing in the Demilitarized Zone (DMZ). Instead of the external client connecting directly to the internal EFT server, it connects to the proxy. The internal server then establishes an outbound connection to the proxy to retrieve the data, ensuring that no inbound ports ever need to be opened on the internal firewall. Enhancing Security and Compliance The primary value proposition of the proxy is the enforcement of a "no data at rest" policy in the DMZ. Unlike traditional relay servers that might temporarily store files while they are being scanned or moved, Globalscape’s architecture is designed to pass data through in real-time. This is critical for organizations striving for compliance with stringent regulations such as
While primarily deployed as an inbound reverse proxy, the Globalscape environment allows for bi-directional configurations to control and secure web data flows. Feature / Capability Inbound (Reverse Proxy Role) Outbound (Forward Proxy Role) Protect the internal server from external web threats. Safe outbound file offloading to remote third parties. Data Flow Initiation External client initiates request to the DMZ proxy. Internal EFT Event Rule triggers an external connection. Storage Presence None. Zero persistence in the DMZ. None. Streams directly through the socket tunnel. Protocols Supported HTTP, HTTPS, SFTP, FTPS, AS2. SOCKS5, HTTP, FTP. Multi-Layered File Security - DMZ Gateway - Globalscape
Many standard proxy mechanisms utilize "store-and-forward" logic, caching incoming files on the proxy disk before transferring them to internal folders. The Globalscape proxy , not even temporarily. If the DMZ proxy node is compromised by an adversary, no corporate data or user credentials exist on that machine to be harvested. 3. Virtual Authentication
In enterprise networking, exposing internal database and storage infrastructure directly to the internet is a severe vulnerability. For organizations using the platform to manage sensitive business files, protecting this perimeter is paramount. globalscape web proxy
Regulatory frameworks require that sensitive data—be it patient records, payment card information, or personal user data—be protected both in transit and at rest. By terminating external TLS connections at the proxy and re-establishing a separate, controlled connection to the backend, the proxy ensures that external parties never directly touch the internal server. This separation is a key control in audit trails and compliance documentation.
Rather than waiting for a connection from the outside, the backend Globalscape EFT server establishes an outbound Peer Notification Channel (PNC) connection to the DMZ Gateway.
The operation of GlobalSCAPE Web Proxy is straightforward: ) serves as a buffer
: The content is returned to the user through the proxy server. If the content is cached, it can be served directly from the cache, speeding up the process.
Because the internal firewall blocks all unsolicited inbound requests, attackers scanning public IP addresses cannot directly touch or exploit the internal server hosting the core business infrastructure. 2. No Data Stored in the DMZ
GlobalSCAPE Web Proxy is a valuable tool for both individuals and organizations looking to secure their internet access, manage bandwidth, and improve user productivity. By understanding its features, benefits, and operation, users can better appreciate the importance of web proxy solutions in today's digital world. Whether you're concerned about security, performance, or compliance, GlobalSCAPE Web Proxy offers a comprehensive solution to meet your needs. Instead of the external client connecting directly to
For users, a web proxy can also provide a level of anonymity on the internet by masking their IP addresses. However, in a corporate context, the focus is more on controlling and monitoring access rather than providing user anonymity.
: The request is sent to the GlobalSCAPE Web Proxy server.