Enabling DMZ Gateway in EFT

You can enable DMZ Gateway when you create the Site or enable it later in the EFT administration interface. In the Site Setup wizard, EFT displays the Perimeter Security configuration page that asks whether you will be using DMZ Gateway, and allows you to enter the DMZ Gateway IP address and port number. If Connect this site to EFT's DMZ Gateway is selected when you are creating a Site in the Site Setup wizard, EFT attempts to establish a socket connection to DMZ Gateway when you click Next.

  • If the socket connection fails, a message appears that lets you provide the DMZ Gateway information again or disable DMZ Gateway and continue without it. (You can attempt to configure it again later.)

  • If the socket connection is successful, EFT applies the settings and continues with Site setup.

To enable DMZ Gateway in the EFT administration interface

  1. In the EFT administration interface, connect to EFT and click the Server tab.

  2. Expand the node of the Site you want to connect to DMZ Gateway, then click the Gateway node.

  3. In the right pane, the DMZ Gateway tab appears.

  4. Select the Enable the DMZ Gateway as a proxy check box.

  5. In the DMZ Gateway addresses box, specify one or more IP addresses of DMZ Gateways to which you are connecting.

    • For multiple DMZ Gateways, specify the addresses separated by commas. EFT will try one IP address, then the next, until it can connect (using the same values, keys, etc. for each one).

    • If DMZ Gateway has previously connected and the connection is then lost, EFT tries to reconnect after a 1-second delay, then fails over to the next address in the list, then the next, until it connects (depending on the "gw_retryattempts" advanced property). If the connection to the last address in the list also fails, it will not try again; an EFT server service restart is required.

    • Upon EFT server service restart, it will try again to connect to the first address in the list, and so on.

  6. In the Port box, specify the port number over which EFT is to connect to DMZ Gateway. The default port is 44500.

    The connection will be refused if the IP address is on the server's IP Access\Ban list.

  7. Select the Secure (TLS) Peer Notification Channel (PNC) check box.

  8. In the Protocols area, select the check boxes for the protocols and the ports that DMZ Gateway will use. These settings are separate from the ports that EFT uses. For example, you could use port 21 for FTP traffic directly to EFT, but port 14421 for FTP traffic through the DMZ Gateway.

  9. If you are using FTP and DMZ Gateway with a PASV mode IP address, click PASV settings. The Firewall/NAT Routing dialog box appears.

    1. Select the Assign PASV mode IP address check box, then specify the IP address and port range.

    2. Click OK.

  10. Click Apply to save the changes on EFT. If the settings are correct and the DMZ Gateway is configured properly, the connection status changes to Connected with a green icon.

  11. If EFT cannot connect to DMZ Gateway, ensure that the EFT computer can connect to the DMZ Gateway computer by pinging it. Verify that the DMZ Gateway computer's firewall is not blocking incoming connections.

  12. You may need to establish a new connection with EFT Server by stopping and restarting connected Sites.

    1. In the left pane, click the Site node.

    2. In the right pane, click the General tab.

    3. Click Stop. The Site Status area displays "Stopped" with a red ball icon.

    4. Click Start. The Site Status area displays "Running" with a green ball icon.
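
Step 11 suggests pinging the DMZ Gateway computer, but a ping reply does not show that the gateway port itself is reachable. The following PowerShell function, an added example that is not part of EFT or its documentation, tries a TCP connection to each address of a comma-separated list in order; the function name `Test-DmzGatewayList`, the timeout value, and the sample addresses are assumptions.

```powershell
# Added example: not part of EFT or its documentation.
# Tries, in list order, a TCP connection to each DMZ Gateway address on the
# port EFT uses to reach the gateway (44500 is the default named in step 6).
function Test-DmzGatewayList {
    param(
        # Comma-separated list, in the same form as the DMZ Gateway addresses box.
        [Parameter(Mandatory)] [string] $Addresses,
        [int] $Port = 44500,
        [int] $TimeoutMs = 3000   # assumed timeout, not an EFT setting
    )

    foreach ($addr in ($Addresses -split ',')) {
        $addr = $addr.Trim()
        if (-not $addr) { continue }          # skip empty entries such as "a,,b"

        $client = New-Object System.Net.Sockets.TcpClient
        $status = 'Failed'
        try {
            $task = $client.ConnectAsync($addr, $Port)
            if ($task.Wait($TimeoutMs)) {
                if ($client.Connected) { $status = 'Open' }
            } else {
                # No answer at all: often a firewall silently dropping the packets.
                $status = 'TimedOut'
            }
        } catch {
            # Connection refused, host unreachable, or name resolution error.
            $status = 'Failed'
        } finally {
            $client.Close()
        }

        [pscustomobject]@{ Address = $addr; Port = $Port; Status = $status }
    }
}

# Constructed sample addresses (RFC 5737 documentation range); replace with your own.
Test-DmzGatewayList -Addresses '192.0.2.10, 192.0.2.11' | Format-Table -AutoSize
```

Run it on the EFT computer, because EFT is the side that opens the connection. An `Open` result only shows that the port accepts TCP connections; the DMZ Gateway can still refuse EFT if the address is on the IP Access\Ban list.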
