EFT administrators might want to administer EFT from a location external to the network by connecting through the DMZ Gateway instead of having to RDP in to the server. The Peer Notification Channel (PNC) between DMZ Gateway and EFT is not, itself, encrypted. Instead, the PNC leverages the encryption provided by the secure protocols (for example, FTPS, SFTP, HTTPS) in EFT. This inherently encrypts the traffic traversing through the DMZ Gateway and traffic will remain encrypted until it reaches EFT. In this way, the PNC is not susceptible to man-in-the-middle attacks and does not present any real world security risks as long as EFT is using secure protocols.
If you want to further enhance the security of the data passing through DMZ Gateway, you can enable secure PNC settings in DMZ Gateway and EFT. The secure PNC settings will reduce false positives for security scans and reduce the attack vector.