Reverse Proxy and Forward Proxy - How it Works

GoAnywhere Gateway can serve as both a Reverse Proxy and a Forward Proxy. Typically GoAnywhere Gateway is installed in the demilitarized zone (DMZ) and GoAnywhere Services is installed in the private/internal network.

At startup, GoAnywhere Services creates an outbound connection to GoAnywhere Gateway, which is used as a "control channel" for passing commands and messages between the products.  This control channel will initially provide the proxy details (IP and port mappings) to GoAnywhere Gateway, at which point it will start up "listeners" on the designated IPs and ports for incoming traffic.

Reverse Proxy

When an external client (trading partner) connects to a listener on GoAnywhere Gateway in the DMZ, GoAnywhere Gateway will make a request over the control channel to GoAnywhere Services in the private/internal network. GoAnywhere Services will then create a new outbound data channel to GoAnywhere Gateway. This data channel will be attached to the desired service (e.g. FTP, FTPS, SFTP, HTTP/s) and all traffic for that session will be routed over this new data channel including client authentication requests, data and commands. When the session is terminated, the corresponding data channel will be removed.

How It Works Diagram

Forward Proxy

The Forward Proxy in GoAnywhere Gateway allows you to route client requests from GoAnywhere Director (in the internal network) to external FTP, FTPS, SFTP and SCP servers without revealing the identity or locations of your internal systems.  The Forward Proxy is additionally used by GoAnywhere Services to route active and passive FTP and FTPS data connections through GoAnywhere Gateway.

When a process in GoAnywhere Director or GoAnywhere Services needs to make an outbound connection through the proxy, a request is made to GoAnywhere Gateway with the address of the intended destinationGoAnywhere Gateway will then establish the connection to that destination and will bridge it to the requesting system.