OS4X OFTP2 SmartProxy
Implement OFTP2 via internet with ensuring security in your network zones.
In many network environments, servers are not directly connected to the (unsecure) internet due to security issues. In this case, establishing OFTP2 incoming and outgoing traffic must pass a secure OFTP2 proxy server, which is then installed in the DMZ (a special network zone connected to the internet where special firewall rules apply).
Target audience
Owner of professional network installations with a separated DMZ who are not able to operate the OFTP2 system directly in the internet.
Why use an OFTP2 proxy?
There are many requirements when using an OFTP2 proxy is needed:
- Ensure network security.
- Implement different zones for internal and external network.
- No direct incoming and outgoing connection is possible on a configured TCP/IP port.
- Examine OFTP2 traffic and let only pass valid packages.
- Communication partner validation upon session initialization.
Advantages of OS4X OFTP2 SmartProxy
The OS4X OFTP2 SmartProxy implements every requirement needed for a secure environment of OFTP2 communication and offers the following features:
- Pre-authentification of a communication partner based on common certificate attribute and IP address.
- TLS termination at the proxy for OFTP2 message verification.
- Incoming and outgoing OFTP2 session establishment at very high speed for optimal bandwidth usage.
- Seamlessly integrated in OS4X (configuration, management and logging).
- Internal communication secured via encryption and authentification token.
Main features
- Implement a three-layer network connectivity.
- Pre-authentification of incoming TLS sessions depending on certificate information.
- Internal communication optionally encrypted via TLS and HTTPS.
- No secure data stored in DMZ.
- Verification of data stream information.
- Configurable logging facility (within DMZ, throughout to OS4X's log facility itself).
- Support incoming and outgoing connections.
- Easily configurable.
- Suppress logging mechanism for hacking attacks.
- Configurably use a specific device/IP address for internal and external communication.