Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
0 votes
in CompleteFTP by (49.1k points)

A user, who has an instance of CompleteFTP in the DMZ and another on the internal network, asked us:

I?ve been reading through the documentation but am still a little confused on how to set this up. I?m not sure which option makes more sense. Use the gateway connection or Use a specified connection. Does it matter which option we use?

1 Answer

0 votes
by (49.1k points)
Best answer
You can only use a gateway connection if you're authenticating your FTP users using accounts on the internal CompleteFTP server, so if the accounts of your users are defined only on the CompleteFTP server in your DMZ then you can't use a gateway connection.  So it boils down to where your accounts are stored - on the DMZ server or on the internal server.
A more in-depth explanation:
?If you're authenticating users using a gateway authenticator from accounts on your internal server then the DMZ server connects to the internal server as soon as a user tries to authenticate.  If authentication is successful then that initial connection between the DMZ server and the internal server is kept open for the duration of the session and is used when the user accesses a gateway folder.  
?If, on the other hand, the DMZ server is authenticating users itself (using accounts set up on that server), then no connection between the DMZ server and the internal server is opened initially.  When the user tries to access a gateway folder it has no existing 'gateway connection' available, so it must use a specified connection.  This specified connection must have the user-name and password of an account on the internal server set.