Globalscape Firewall

The Globalscape EFT Network Firewall utilizes a . It functions as a gatekeeper residing in the DMZ (Demilitarized Zone), while the core EFT Server (processing the data and authenticating users) resides in the secure internal network.

Unlike traditional network firewalls, GlobalSCAPE’s firewall component operates at , acting as a reverse proxy and protocol validator.

: Zero inbound ports are opened from the DMZ to your internal "Trusted" network.

: Allows only the internal EFT server to talk to the DMZ Gateway over a specific "Peer" port.

| Parameter | Recommended Setting |
|-----------|---------------------|
| | 1000–5000 (per gateway) |
| Max connections per IP | 10 concurrent |
| Connection idle timeout | 300 seconds |
| Login failures before ban | 5 attempts within 60 seconds |
| Ban duration | 30 minutes |
| Data channel port range | 50000–50100 (for FTP active/passive) |
| TLS minimum version | TLS 1.2 |
| Allowed ciphers | ECDHE-RSA-AES256-GCM-SHA384, etc. (no RC4, no 3DES) |
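
The lockout values recommended above (5 login failures within 60 seconds, 30-minute ban) can be replayed against authentication events to see which addresses the policy would block. This is an added example, not Globalscape code or part of the original page; the event format, the `evaluate_bans` name and the sample events are constructed for illustration, and treating a failure exactly 60 seconds old as outside the window is an assumption.

```python
from collections import defaultdict, deque

# Thresholds taken from the recommended settings above.
MAX_FAILURES = 5        # login failures before ban
FAILURE_WINDOW = 60     # seconds in which those failures must occur
BAN_DURATION = 30 * 60  # ban length in seconds

def evaluate_bans(events):
    """Replay (timestamp_s, ip, outcome) events, sorted by time.

    outcome is "fail" or "ok". Returns (bans, rejected): bans is a list of
    (ip, ban_start, ban_end); rejected lists (timestamp, ip) attempts that
    arrived while the address was banned.
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned_until = {}              # ip -> time the current ban expires
    bans, rejected = [], []
    for ts, ip, outcome in events:
        if banned_until.get(ip, 0) > ts:
            rejected.append((ts, ip))  # dropped before authentication
            continue
        if outcome != "fail":
            continue
        window = failures[ip]
        window.append(ts)
        # Assumption: a failure exactly 60 s old no longer counts.
        while ts - window[0] >= FAILURE_WINDOW:
            window.popleft()
        if len(window) >= MAX_FAILURES:
            banned_until[ip] = ts + BAN_DURATION
            bans.append((ip, ts, ts + BAN_DURATION))
            window.clear()
    return bans, rejected

# Constructed sample events (documentation-range addresses).
FAST, SLOW = "203.0.113.10", "198.51.100.7"
SAMPLE_EVENTS = [
    (0, FAST, "fail"), (5, SLOW, "fail"), (10, FAST, "fail"),
    (20, FAST, "fail"), (30, FAST, "fail"),
    (40, FAST, "fail"),    # fifth failure inside 60 s: ban starts
    (45, FAST, "fail"),    # arrives during the ban
    (50, SLOW, "fail"), (100, SLOW, "fail"),
    (150, SLOW, "fail"), (200, SLOW, "fail"),  # never 5 within 60 s
    (1839, FAST, "ok"),    # one second before the ban expires
    (1840, FAST, "ok"),    # ban has expired
]

if __name__ == "__main__":
    print(evaluate_bans(SAMPLE_EVENTS))
```

The slow source makes five failures in total but never five inside one 60-second window, so only the fast source is banned.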