Page 1 of 1

Gateway/Proxy for a DMZ/production architecture?

Posted: Mon Aug 06, 2012 1:00 pm
by a_cerberus_user
Hello,

Currently we are looking to tighten security on our network, which means we need to move our SFTP server from the DMZ domain to our secure production domain.

Is one of the following possible:
> Build a Gateway/proxy add-on so that the data won't be considered 'at rest' in the DMZ?
I can suggest a comparable product but am not sure if this is allowed in the forums. :)
> Recommend a Windows compatible third party software solution that can integrate with Cerberus?

Again, really like the product. 8)

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Wed Aug 08, 2012 10:46 am
by Serin
Hello,

I know what you mean when you are asking for a Gateway/proxy add-on so that the data won't be considered 'at rest' in the DMZ.

We don't currently have anything like that but I'm starting to work on some designs for how we could accomplish it. I can't recommend a third party solution because we honestly haven't tested any with Cerberus. If you happen to come across one that you can integrate with Cerberus, then feel free to recommend it here.

I'm sorry I can't be of more help, but you have got me thinking about developing something.

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Thu Aug 09, 2012 2:39 pm
by a_cerberus_user
Thanks Serin!

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Wed Apr 03, 2013 4:59 pm
by a_cerberus_user
Just pinging to see if there was any update, as our network config project is getting closer on our radar. Thanks.

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Thu Apr 11, 2013 3:13 pm
by Serin
Hello,

I'm sorry, but we haven't made any progress towards this. It would be a nice feature, but we're a bit overloaded on feature requests and I'm not sure when we will be able to consider something like this.

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Thu Apr 17, 2014 11:06 am
by a_cerberus_user
That's understandable. Thanks for the update. :)

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Thu Apr 24, 2014 10:43 pm
by alaskan
Well since this doesn't exist yet as a feature, unfortunately, can someone recommend a way to put something like this in place with Cerberus? I would really prefer to use Cerberus but having it sit in a dmz OR putting it in the domain as domain joined and forwarding ports seems very security risky.


And if I might ask how do most folks setup Cerberus? Do you just install it to a domain joined computer and then forward the port from your firewall?
Put it in a dmz and somehow get the files from it to your domain computers with some other product or just have a domain joined computer in your dmz?
Both of these seem to be to much of a security risk for us and i'm just trying to understand how folks are using the product.

Thanks in advance......

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Thu Sep 24, 2015 2:06 pm
by alaskan
So is this still something that isnt going to happen anytime soon or might we see this in release version 8?
The gateway is a HUGE HUGE thing for us... I've asked what others use and no one has responded so im wondering if folks are just putting cerberus on a domain joined system and sticking it out on the internet?

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Wed Dec 19, 2018 10:22 am
by jordanautomations
I know this is an old thread, but has anyone had any success with a proxy in front of cerberus? I've been tasked with implementing this type architecture and hoping to be able to find a solution that doesn't involve replacing cerberus.

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Fri Mar 01, 2019 5:58 pm
by kaluaabyss
jordanautomations wrote:
Wed Dec 19, 2018 10:22 am
I know this is an old thread, but has anyone had any success with a proxy in front of cerberus? I've been tasked with implementing this type architecture and hoping to be able to find a solution that doesn't involve replacing cerberus.
I've configured a Citrix ADC as a reverse proxy for HTTPS and SFTP connections. It works fine except that I don't currently have a way for the IP Manager to understand the source IP of SFTP connections. HTTPS handles this with a header (X-Forwarded-For).

viewtopic.php?f=2&p=11519#p11519

Re: Gateway/Proxy for a DMZ/production architecture?

Posted: Mon Mar 25, 2019 12:31 pm
by pacman
Please visit here for our new forums: bit.ly/CFTPCommunity