clarification about SFTP configuration's options in DMZ and network

Question

Dear CompleteFTP team,

Once more thank you for your previous feedback. We still need some clarification avout SFTP options.

We read the configurations suggested in the links https://enterprisedt.com/products/completeftp/doc/guide/html/clustering.html and https://enterprisedt.com/products/completeftp/doc/guide/html/gateway.html but we would like to be sure how configurations could be performed.

 

As we have a DMZ and a private network, we would like to understand which of the two approaches below is it possible to configure with CompleteFTP ?

1/ DMZ gateway approach where SFTP server will be installed in the private network and gateway in the DMZ (files and keys are stored in the private network) or

2/ SFTP in DMZ approach where SFTP server will be installed in the DMZ hence files/keys are stored in the DMZ.

 

Please can you provide some details in your response ?

 Hope to read you soon.

 Best regards.

Answer 1

Response to 1:

Using a gateway you can already store all files on the private server, but until version 12.1.5 if you wanted to keep all user accounts on the private server then you could only authenticate them via password.  From version 12.1.5, which will be released in early February (2020), you'll be able to authenticate users by public key as well.  In other words, you'll be able to keep all files and users account on the private server and authenticate using a public key.  The only key that you'll need to store in the DMZ is the DMZ server's own private key.

Response to 2:

Yes you can do that as well (in the current version, i.e. 12.1.4 and earlier)