GoAnywhere MFT System Architecture Guide

© Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.
Copyright Terms and Conditions
Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are
the property of their respective owners.
The content in this document is protected by the Copyright Laws of the United States of America
and other countries worldwide. The unauthorized use and/or duplication of this material without
express and written permission from Fortra is strictly prohibited. Excerpts and links may be used,
provided that full and clear credit is given to Fortra with appropriate and specific direction to the
original content. 202304250116

Table of Contents
INTRODUCTION
  Overview
  Which Deployment is Right for me?
SINGLE MFT SYSTEM
  Default
    Comments
EXTERNAL DATABASE AND USER FILES
    Comments
  External Gateway
    Comments
HIGH AVAILABILITY ENVIRONMENTS
  Overview
  Clustering
GOANYWHERE GATEWAY
  Load Balancing
CLUSTERED MFT SYSTEMS
  With Single Gateway
    Comments
  With Two Gateways
    Comments
DISASTER RECOVERY
  Basic Considerations
DISASTER RECOVERY USING AN ONLINE LICENSE
DISASTER RECOVERY USING A STANDARD LICENSE
UAT/QA/STAGING AND DEVELOPMENT
CLOUD COMPUTING
  Amazon (AWS)
    Clustered MFT with Two Gateways on Amazon EC2
    Comments
    Amazon AWS EC2 Performance Recommendations
    Clustered MFT with Two Gateways on Amazon EC2
  MICROSOFT AZURE
    Clustered MFT with Two Gateways on Azure
    Comments
    Microsoft Azure Performance Recommendations
FORTRA-FIED SECURITY ADD-ONS
  ICAP Threat Protection & DLP Considerations
  Overview
    Comments
  Single GoAnywhere Gateway, single GoAnywhere MFT and a single Clearswift ICAP Gateway
  Clustered GoAnywhere Gateways & MFT Clustered Clearswift ICAP Gateways
  Zero Trust File Transfer Bundle
  Overview
    Comments
INCORPORATE ALERT LOGIC WEB ACCESS FIREWALL (WAF)
  Overview
    Comments
  Architecture
GOANYWHERE PERFORMANCE CONSIDERATIONS
  Sizing Heavy Load Environments
    GoAnywhere & Clearswift Stress Testing

INTRODUCTION
Overview
GoAnywhere MFT is a managed file transfer (MFT) solution which streamlines the exchange of
data between your systems, employees, customers, and trading partners. It provides a single point
of control with extensive security settings, detailed audit trails, and reports.
GoAnywhere MFT's intuitive interface and comprehensive workflow features can help eliminate
the need for custom programs/scripts, single-function tools, and manual processes that were
traditionally needed. This innovative solution can reduce costs, improve the quality of your file
transfers, and help your organization comply with data security policies and regulations.
With integrated support for clustering, GoAnywhere MFT can process high volumes of file transfers
for enterprises by load balancing processes across multiple systems. The clustering technology in
GoAnywhere MFT also provides active-active automatic failover for disaster recovery.
GoAnywhere MFT can be scaled horizontally by adding additional systems to the cluster.
When paired with a load balancer like GoAnywhere Gateway™, inbound connections to the file
servers can be distributed to the available systems in the cluster. For file transfers performed in
Advanced Workflows (Projects), clustering allows the workload to be distributed across all systems
to increase performance and throughput. As your business and transfer requirements grow,
GoAnywhere MFT can easily grow with it by adding additional systems to the cluster.
This guide describes several common GoAnywhere MFT architectures, demonstrating support for
high availability (clustering) and load balancing, as well as the advantages of each configuration.
Ensuring data backup, disaster recovery, and high availability for your GoAnywhere MFT system
focuses on three key areas:
• GoAnywhere MFT Software and License – The program files required for GoAnywhere
MFT to run
• Product Database – Stores the configuration settings and application data used to run
GoAnywhere MFT
• User Files – The folders for storing user documents and miscellaneous GoAnywhere
settings

Which Deployment is Right for me?
GoAnywhere is Operating System agnostic and supports On-Premises or Cloud deployments.
GoAnywhere also provides a SaaS platform.

SINGLE MFT SYSTEM
Default
In this architecture, GoAnywhere MFT is installed behind the corporate front-end firewall. If file
transfer services are enabled, ports to the HTTP/S, FTP, FTPS, SFTP, AS2, and AS4 protocols are
opened on the firewall to allow all inbound connections to GoAnywhere.
The default stand-alone system uses the embedded Derby database, and the user files are located
within the GoAnywhere MFT installation directory.

Comments
• Ideal for small operations where a moderate number of files are being transferred and
redundancy, high availability, and disaster recovery are not required.

EXTERNAL DATABASE AND USER FILES
In this architecture, the product database has been externalized to use a database vendor of your
choice. The user files have been configured to use an external file server.
Comments
• Data loss is mitigated since the product database and user files are stored on a separate
server from the GoAnywhere MFT system.
• Leverages the performance improvements of an enterprise database system and file
storage solution.
External Gateway
In this architecture, GoAnywhere MFT is installed in the Private Network and GoAnywhere
Gateway is installed in the demilitarized zone (DMZ). No inbound ports are opened into the Private
Network, and no files are stored in the DMZ.

Comments
• GoAnywhere MFT is protected by the GoAnywhere Gateway proxy server in the DMZ.
No inbound ports need to be opened into the private network. No files need to be
stored in the DMZ.
• GoAnywhere Gateway acts as an Enhanced Reverse Proxy and Forward Proxy for
GoAnywhere MFT. This allows your internet connections to remain in the DMZ while
keeping your sensitive data inside your firewall when external users upload or
download data from GoAnywhere MFT.
• GoAnywhere Gateway also acts as a load balancer and can scale with your MFT needs.
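
The following check is an added example, not part of the Fortra guide or the product: it audits a set of firewall allow-rules against the External Gateway invariant stated above (no inbound ports into the Private Network) and contrasts it with the Default layout. The addresses, rule names, control port 50000, and the assumption that the MFT-to-Gateway channel is opened outbound from the private side are all constructed for illustration.

```python
"""Added example: audit firewall allow-rules against the External Gateway layout."""
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed address plan and ports (assumptions, not values from the guide).
INTERNET = ip_network("0.0.0.0/0")
DMZ_NET = ip_network("10.0.1.0/24")      # GoAnywhere Gateway lives here
PRIVATE_NET = ip_network("10.0.2.0/24")  # GoAnywhere MFT, database, user files
GATEWAY, MFT = "10.0.1.10/32", "10.0.2.10/32"
# HTTPS (also carries AS2/AS4), FTP, FTPS (implicit), SFTP: standard port numbers.
TRANSFER_PORTS = {"https": 443, "ftp": 21, "ftps": 990, "sftp": 22}
CONTROL_PORT = 50000  # placeholder for the MFT-to-Gateway channel, not the product's port


@dataclass(frozen=True)
class AllowRule:
    name: str
    src: str   # source CIDR
    dst: str   # destination CIDR
    port: int


def inbound_to_private(rules, private=PRIVATE_NET):
    """Rules that let any source outside the private network reach into it."""
    return [r for r in rules
            if ip_network(r.dst).overlaps(private)
            and not ip_network(r.src).subnet_of(private)]


def internet_exposure(rules):
    """Ports reachable from the internet, grouped by the zone they land in."""
    exposed = {"dmz": set(), "private": set()}
    for r in rules:
        if ip_network(r.src) != INTERNET:
            continue
        for zone, net in (("dmz", DMZ_NET), ("private", PRIVATE_NET)):
            if ip_network(r.dst).overlaps(net):
                exposed[zone].add(r.port)
    return {zone: sorted(ports) for zone, ports in exposed.items()}


# "Default" layout: file transfer ports opened on the firewall straight to MFT.
DEFAULT_RULES = [AllowRule(f"inet-to-mft-{n}", "0.0.0.0/0", MFT, p)
                 for n, p in TRANSFER_PORTS.items()]

# "External Gateway" layout: partners reach only the Gateway in the DMZ; the one
# cross-zone rule is outbound, from MFT to the Gateway (assumed direction).
GATEWAY_RULES = [AllowRule(f"inet-to-gw-{n}", "0.0.0.0/0", GATEWAY, p)
                 for n, p in TRANSFER_PORTS.items()]
GATEWAY_RULES.append(AllowRule("mft-to-gw-control", MFT, GATEWAY, CONTROL_PORT))

# Drift case: a later "temporary" rule from the DMZ into the private network.
DRIFTED_RULES = GATEWAY_RULES + [AllowRule("dmz-to-mft-sftp", "10.0.1.0/24", MFT, 22)]

if __name__ == "__main__":
    for label, rules in (("default", DEFAULT_RULES), ("gateway", GATEWAY_RULES),
                         ("drifted", DRIFTED_RULES)):
        bad = [r.name for r in inbound_to_private(rules)]
        print(f"{label:8} exposure={internet_exposure(rules)} inbound_to_private={bad}")
```

The drift case matters because a rule sourced from the DMZ breaks the invariant just as a rule sourced from the internet does, which is why the check compares against the private network rather than against 0.0.0.0/0 only.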

HIGH AVAILABILITY ENVIRONMENTS
Overview
In this architecture, multiple GoAnywhere MFT systems are installed behind the corporate front-end
firewall. If file transfer services are enabled, ports to the HTTP/S, FTP, FTPS, SFTP, AS2, and AS4
protocols are opened on the firewall to allow all inbound connections to GoAnywhere.
Clustering
Clustering allows two or more GoAnywhere MFT systems to work together to allow workloads to
be distributed horizontally across multiple GoAnywhere MFT installations. In a clustered
environment, two or more GoAnywhere MFT systems within a cluster can connect to the same
product database and user files simultaneously.
This allows these systems to share security settings, trading partner user accounts, configurations,
audit logs, and other product tables. If one GoAnywhere MFT system fails, the remaining systems
in the cluster will automatically continue to process workloads and file transfer requests.
This active-active clustered environment also provides the best high-availability option for handling
potential system failures. If one GoAnywhere MFT system fails, the remaining systems in the
cluster will automatically continue to service the trading partners.

GOANYWHERE GATEWAY
GoAnywhere Gateway is both an enhanced reverse proxy and forward proxy. It provides an
additional layer of network security when your organization needs to safely exchange data with
your trading partners. When using GoAnywhere Gateway as a reverse proxy, no inbound ports
need to be opened into the private/internal network and no sensitive data needs to be stored in
the DMZ.
GoAnywhere Gateway is a software-only solution which is installed in the DMZ or public-facing
network. Trading partners only connect to authorized GoAnywhere MFT ports, on which
GoAnywhere Gateway routes requests over a proprietary channel to back-end services (for
example, FTP, SFTP, HTTPS) in the private/internal network. This approach allows your
organization to keep sensitive information (for example, data files, user credentials, keys,
certificates) in the private/internal network, keeping your DMZ in compliance.
When GoAnywhere Gateway is used as a forward proxy for outbound connections, it will hide the
identities and locations of those internal systems.
In essence, GoAnywhere Gateway serves as a transparent interface between internal systems and
external systems without exposing sensitive files and the private/internal network. This is an
essential solution for meeting strict security policies and complying with state privacy laws, HIPAA,
PCI DSS, SOX, ISO 27000, and GLBA.
Load Balancing
GoAnywhere Gateway can serve as a load balancer for distributing connections across multiple
GoAnywhere MFT systems within a cluster. This active-active framework provides greater high
availability for mission-critical environments.
As a load balancer, GoAnywhere Gateway spreads connections evenly across the clustered
systems. This load-balancing algorithm is called “round-robin,” which is a common load-balancing
standard.

CLUSTERED MFT SYSTEMS
With Single Gateway
In this architecture, GoAnywhere MFT is clustered with two or more systems for high availability,
and the systems are installed in the Private Network. GoAnywhere Gateway is installed in the DMZ
and no inbound ports are opened to the Private Network.
The product database and user files have been externalized to share across each system in the
cluster. GoAnywhere Gateway is providing load balancing for incoming connections, and the
clustered GoAnywhere MFT systems are distributing the project workloads evenly across each
system in the cluster.

Comments
• GoAnywhere MFT is protected by the GoAnywhere Gateway proxy server in the DMZ.
No inbound ports need to be opened into the private network. No files need to be
stored in the DMZ.
• All incoming connections are equally distributed across each system in the cluster.
• Workflow Jobs are distributed across multiple systems.
• If one GoAnywhere MFT system experiences a failure, another system in the cluster will
automatically take over.
• Leverages the performance improvements of an enterprise database system and file
storage solution.
• Additional Gateways as well as MFT servers can be added if needed.

With Two Gateways
In this architecture, GoAnywhere MFT is clustered with two or more systems for high availability,
and the systems are installed in the Private Network. A third-party load balancer is distributing
inbound connections across two GoAnywhere Gateways, which are installed in the DMZ, and no
inbound ports are opened to the Private Network.
The product database and user files have been externalized to share across each system in the
cluster. Each GoAnywhere MFT system in the cluster is configured to use each Gateway, and the
clustered GoAnywhere MFT systems are distributing the project workloads across each system in
the cluster.

Comments
• Multiple GoAnywhere Gateway systems are providing high availability for the reverse
proxy.
• GoAnywhere MFT is protected by the GoAnywhere Gateway proxy servers in the DMZ.
No inbound ports need to be opened into the private network. No files need to be
stored in the DMZ.
• All incoming connections are distributed across each system in the cluster.
• Advanced Workflow Projects and Jobs are distributed across multiple systems.
• If one GoAnywhere MFT system experiences a failure, another system in the cluster will
automatically take over.
• Leverages the performance improvements of an enterprise database system and file
storage solution.
• Additional Gateways as well as MFT servers can be added if needed.

DISASTER RECOVERY
Basic Considerations
While clustering ensures the GoAnywhere MFT system will continue running if a single system has
failed, disaster recovery (DR) ensures you have an adequate backup and recovery solution in a
situation where your entire production site fails.
There are several ways to incorporate Disaster Recovery into a GoAnywhere architecture. A few
examples are below:
• Single GoAnywhere Gateway plus single GoAnywhere MFT server in Production as well
as DR
• Multiple GoAnywhere Gateways plus multiple GoAnywhere MFT servers in Production
as well as DR
• Multiple GoAnywhere Gateways plus multiple GoAnywhere MFT servers in Production
• Single GoAnywhere plus multiple GoAnywhere MFT servers and DR
• Single GoAnywhere Gateway plus multiple GoAnywhere MFT servers in Production
• Single GoAnywhere Gateway plus single GoAnywhere MFT server in DR
In the disaster recovery example below, the production GoAnywhere MFT is clustered with two or
more systems for high availability, and the systems are installed in the Private Network.
A third-party load balancer is sending inbound connections across two GoAnywhere Gateways,
which are installed in the DMZ, and no inbound ports are opened to the Private Network. The
product database and user files have been externalized to share data across each system in the
production cluster and for replication to the disaster recovery site.
The disaster recovery site also contains redundant Gateways and clustered GoAnywhere MFT
systems. If the production system becomes unavailable, the DR site can come online with the
replicated user files and replicated product database.
NOTE: It is your responsibility to replicate the user files and product database using a third-party
solution.

DISASTER RECOVERY USING AN ONLINE LICENSE
Online licenses include a ‘Restricted Disaster Recovery’ feature. This allows the replication of an
instance for a brief period of time. When an online license that was activated on one system is
used on another system, GoAnywhere will enter Limited Mode. While in Limited Mode, users will
be unable to add Web Users, Resources, or Projects.
If the primary system goes down, and it becomes necessary for the replicated instance to become
the primary, the license will remain valid as long as it is only being used for one system.
Deactivating a current license will deactivate the primary and secondary system. The license page
in GoAnywhere MFT allows an admin to activate a new license without deactivating the current
license. See the GoAnywhere MFT Users Guide within our customer portal for more information.

DISASTER RECOVERY USING A STANDARD LICENSE


If you have not purchased the disaster recovery feature with your standard license but would like
to test the process, you can request a temporary license ahead of time. Once the system is
replicated or restored from the backup or DR instance, simply remove the .lic file, restart
GoAnywhere, and activate the temporary license. You will then be able to test the DR instance on
the temporary evaluation license.
If your primary instance is down and you need to use the DR instance long-term, deactivate the
paid license and then reactivate it. This will reset the MAC address assigned to the license. For
more information, see the GoAnywhere MFT User Guide within our customer portal.
If a permanent Disaster Recovery license is required, it must be purchased and can be procured
through your account manager.

UAT/QA/STAGING AND DEVELOPMENT
Fortra recommends that customers include additional GoAnywhere MFT licenses for development
and/or testing purposes. Doing so will help when implementing best practices surrounding the
development of new workflows, business use cases, quality assurance, and security best practices
without impacting Production.
• Extra licenses are helpful for providing change control and quality assurance of new
workflows that you build in GoAnywhere MFT
• This architecture facilitates testing of new releases/patches provided by Fortra in an
isolated environment, minimizing Production downtime
• UAT and Development environments are ideal for performing routine load testing,
helping you scale Production resources to meet forecasted growth demands
• This architecture allows you to install and test the latest version of GoAnywhere before
updating Production, mitigating incompatibility issues
GoAnywhere MFT includes tools to allow authorized users to promote workflows, schedules, and
other items from a Development/Test environment into Production.

CLOUD COMPUTING
Amazon (AWS)
Clustered MFT with Two Gateways on Amazon EC2
In this architecture, GoAnywhere MFT is installed on two Amazon Machine Images (AMI).
GoAnywhere is clustered for high availability, and the systems are installed in Amazon's Private
Cloud Network. GoAnywhere Gateway is installed in the DMZ within each Availability Zone, and no
inbound ports are opened to the Private Cloud Network.
The product database and user files have been externalized to Amazon's Relational Database
Service (RDS) and Amazon's Elastic File System (EFS) to share data across each system in the
cluster. Each GoAnywhere MFT system in the cluster is configured to use each Gateway, and the
clustered GoAnywhere MFT systems are distributing the project workloads evenly across each
system in the cluster.

Comments
• Multiple GoAnywhere Gateway systems provide high availability for the reverse proxy.
• GoAnywhere MFT is protected by the GoAnywhere Gateway proxy servers. No inbound
ports need to be opened into the Virtual Private Cloud (VPC). No files are stored outside
the VPC.
• All incoming connections are distributed across each system in the cluster.
• Advanced Workflow Projects and Jobs are distributed across multiple systems.
• If one GoAnywhere MFT system experiences a failure, another system in the cluster will
automatically take over.
• Leverages the performance improvements of a cloud system, database, and file storage
solution.
Amazon AWS EC2 Performance Recommendations
The following table provides high-level storage and database recommendations for small- to
medium-size deployments and enterprise-level deployments.
Small- to medium-size deployments are defined as having:
• Under 50k daily inbound and outbound transactions
  o File sizes under 500 MB
• Under 10k daily workflow jobs comprised of SQL, data translation, Web Service calls,
and PGP
Enterprise-level deployments are defined as having:
• Over 50k daily inbound and outbound transactions
• Over 10k daily workflow jobs comprised of SQL, data translation, Web Service calls, and
PGP
NOTE: Fortra recommends load testing in UAT or staged environments for definitive environment
settings that suit your organization’s requirements.

Clustered MFT with Two Gateways on Amazon EC2
| Deployment Size | Application Server Size | Storage | Database |
|---|---|---|---|
| Small to medium | Two medium EC2 T3 instances | EFS File System; General purpose performance mode; Bursting throughput mode | RDS; Production template; Provisioned IOPS at 40000 |
| Enterprise | Two or more large EC2 T3 instances | EFS File System; Max IO performance mode; Bursting throughput mode | RDS; Production template; Provisioned IOPS at 60000 |

MICROSOFT AZURE
Clustered MFT with Two Gateways on Azure
In this architecture, GoAnywhere MFT is clustered for high availability, and the systems are
installed in Azure's Private Cloud Network. GoAnywhere Gateway is installed in the DMZ within
each Availability Zone, and no inbound ports are opened to the Private Cloud Network. The
product database and user files have been externalized to Azure's SQL Database Service (RDS) to
share data across each system in the cluster. Each GoAnywhere MFT system in the cluster is
configured to use each Gateway, and the clustered GoAnywhere MFT systems are distributing the
project workloads evenly across each system in the cluster.

Comments
• Multiple GoAnywhere Gateway systems provide high availability for the reverse proxy.
• GoAnywhere MFT is protected by the GoAnywhere Gateway proxy servers in the DMZ.
No inbound ports need to be opened into the private cloud network. No files are stored
in the private cloud.
• All incoming connections are distributed across each system in the cluster.
• Advanced Workflow Projects and Jobs are distributed across multiple systems.
• If one GoAnywhere MFT system experiences a failure, another system in the cluster will
automatically take over.
• Leverages the performance improvements of a cloud system, database, and file storage
solution.

Microsoft Azure Performance Recommendations
The following table provides high-level storage and database recommendations for small- to
medium-size deployments and enterprise-level deployments.
Small- to medium-size deployments are defined as having:
• Under 50k daily inbound and outbound transactions
  o File sizes under 500 MB
• Under 10k daily workflow jobs comprised of SQL, data translation, Web Service calls,
and PGP
Enterprise-level deployments are defined as having:
• Over 50k daily inbound and outbound transactions
• Over 10k daily workflow jobs comprised of SQL, data translation, Web Service calls, and
PGP

| Deployment Size | Application Server Size | Storage | Database |
|---|---|---|---|
| Small to medium | Two general purpose virtual machines (Dsv3, Dv3, Dasv4, Dav4, DSv2, Dv2, Av2, DC, DCv2, Dpdsv5, Dpldsv5, Dpsv5, Dplsv5, Dv4, Dsv4, Ddv4, Ddsv4, Dv5, Dsv5, Ddv5, Ddsv5, Dasv5, Dadsv5) with 4 Cores & 16 GB RAM | Azure Files: General purpose version 2 (GPv2) storage accounts | Azure SQL Database (vCore Purchasing Model): General Purpose |
| Enterprise | Two or more general purpose virtual machines (Dsv3, Dv3, Dasv4, Dav4, DSv2, Dv2, Av2, DC, DCv2, Dpdsv5, Dpldsv5, Dpsv5, Dplsv5, Dv4, Dsv4, Ddv4, Ddsv4, Dv5, Dsv5, Ddv5, Ddsv5, Dasv5, Dadsv5) with 8 Cores & 32 GB RAM | Azure Files: storage accounts | Azure SQL Database (vCore Purchasing Model): Business-critical or Hyperscale |

FORTRA-FIED SECURITY ADD-ONS
ICAP Threat Protection & Data Loss Prevention (DLP) Considerations
Overview
As part of an all-encompassing data security strategy, organizations need to secure and protect
content that is uploaded or downloaded from the web or shared via MFT solutions.
The Clearswift Secure ICAP Gateway complements existing web proxy infrastructures and MFT
software to provide an added layer of data security. A deep content inspection engine detects
sensitive or critical data, active and malicious threats, and then applies the appropriate remedial
action, allowing safe content to flow through & reducing business disruption.
Comments
• The Clearswift Secure ICAP Gateway enhances GoAnywhere’s ability to control
information by applying deep content inspection and Adaptive Data Loss Prevention.
• GoAnywhere uses the Clearswift Secure ICAP Gateway to inspect, detect, and clean
metadata and revision history in files being transferred.
• GoAnywhere MFT is protected by the GoAnywhere Gateway proxy servers in the DMZ.
No inbound ports need to be opened into the private cloud network. No files are stored
in the private cloud.
• Data loss is mitigated since the product database and user files are stored on a separate
server from the GoAnywhere MFT system.
• Leverages the performance improvements of an enterprise database system and file
storage solution.
• Content scanning controls can be placed on inbound or outbound files.

Single GoAnywhere Gateway, single GoAnywhere MFT and a single Clearswift ICAP Gateway
In this architecture, a single GoAnywhere Gateway in the DMZ with a single GoAnywhere MFT
server on an internal network/LAN is installed with a single Clearswift ICAP Gateway positioned
near the GoAnywhere MFT server.

Clustered GoAnywhere Gateways & MFT Clustered Clearswift ICAP Gateways
In this architecture, multiple GoAnywhere Gateways are positioned in a DMZ along with multiple
GoAnywhere MFT servers installed within an internal network. Multiple Clearswift ICAP Gateways
are also installed within the same internal network.
In this architecture, the number of Clearswift ICAP Gateways can be architected as:
• One Clearswift ICAP Gateway per GoAnywhere MFT Server
• Multiple Clearswift ICAP Gateways per GoAnywhere MFT Server
• One Clearswift ICAP Gateway per site
Considerations such as number of files, size of files, content scanning rules, and the timeframe in
which file scans should complete can all be factored into the decision-making process. Fortra has
also performed load simulations which can be provided upon request.
GoAnywhere’s workflows automate file transfers while the Secure ICAP Gateway identifies and
neutralizes threats.
Please contact your GoAnywhere Account Manager to learn more about Clearswift Secure ICAP
Gateway. You can review the Clearswift Secure ICAP Gateway datasheet
(csw-secure-icap-gateway-ds.pdf (fortra.com)).

Zero Trust File Transfer Bundle
Overview
Most file transfer solutions have been designed to transfer sensitive information when using
secure connections and encryption to protect data. However, secure connections as well as
encryption algorithms such as PGP may be inadequate if there is not 100% trust and data is
sensitive. A few examples are:
• Files are sent via email. After download/decryption, the unencrypted file is forwarded to
an unauthorized recipient
• Files land on SFTP or shared storage. After decryption, the file and/or its contents can easily
be shared
Fortra’s Zero Trust File Transfer solution can secure any type of file in cloud or on-premises when
used in conjunction with GoAnywhere. Security policies follow the file, which allows IT security
teams to define granular usage rights that control how files are used and distributed, even once
they are stored on devices outside of your network.
You can then track any file and use granular controls to prevent unauthorized access and revoke
privileges at any time. If data ever leaks or is downloaded from GoAnywhere, Fortra’s Zero Trust
File protection adds access control and security that sticks to the file anywhere it travels.
Please contact your GoAnywhere Account Manager to learn more about this solution. You can also
review more information about the Zero Trust File Transfer Bundle.
Comments
• Never trust, always verify: Authenticate each access point, verify every identity, and
limit access.
• Encrypt data end-to-end, allowing access via secure email download links.
• Provide visibility and real-time analytics to monitor and detect threats.
• Instantly revoke access to shared files and services.
• For encrypted files and documents, rotate PGP keys frequently for maximum security.

INCORPORATE ALERT LOGIC WEB ACCESS FIREWALL (WAF)
Overview
Web applications (including GoAnywhere) are important to your business and a vital part of how
customers interact with you. Unfortunately, they also give attackers another gateway into your
critical assets and data. Businesses need to accurately distinguish approved traffic from malicious
threat actors in real-time.
Fortra Managed Web Application Firewall (WAF) provides you with a highly versatile, fully
managed, enterprise-level, and cloud-ready solution supported by our team of experts.
Please contact your GoAnywhere Account Manager to learn more about this solution. You can also
review the Web Application Firewall datasheet.
Comments
• Fortra’s Managed WAF service ranges from installation and deployment services to ongoing
configuration, ensuring your WAF is ready to block threats against your critical web
applications.
• Out-of-the-box policies cover more than 10,000 vulnerabilities, including unique flaws
in off-the-shelf and custom web applications (e.g., OWASP Top 10, URL tampering, web
scraping, buffer overflow attacks, zero-day web application threats, credential stuffing
attacks, API attacks, and DoS attacks).
• Our analysts fine-tune your WAF by monitoring your web application traffic, whitelisting
valid requests and data, and building a policy that blocks malicious web traffic and
other undesired activities. Our experts become an extension of your security team,
eliminating the complexity of policy building and challenges of ongoing threat
management.
• Built-in Fortra Threat Intelligence is used to track the evolution of tactics and
techniques in the web security space, as well as maintaining a repository of active
malicious actor IP addresses and attack campaigns including emerging threats.
• Additional security layer for your MFT environment.

Architecture
The Alert Logic Web Application Firewall (WAF) can be implemented:
• With a single GoAnywhere Gateway and MFT server
• With multiple GoAnywhere Gateways and MFT servers
• On Premises or within your AWS or Azure cloud infrastructure

GOANYWHERE PERFORMANCE CONSIDERATIONS
Sizing Heavy Load Environments
GoAnywhere & Clearswift Stress Testing
Fortra’s Clearswift pairs with GoAnywhere to provide complete and consistent protection across
email, web, and endpoints to allow teams to collaborate securely and effectively while providing IT
with needed control and visibility over sensitive data.
The Fortra GoAnywhere and Clearswift teams together have executed load testing against their
platforms to provide benchmarks which can be used to properly architect our solutions. More
information about content scanning using Clearswift is provided in the Add-Ons section.
The stress test guide is available upon request and outlines the performance of the following
simulations:
• GoAnywhere MFT with GoAnywhere Gateway
• GoAnywhere MFT, GoAnywhere Gateway with Clearswift’s Secure ICAP Gateway to scan
all files for threats as well as banned media types.
The document also reviews system modifications to tweak system performance if this capability is
required.
