5.2.3. Both Firewalls Closed, with DMZ

Primary Use: Securely transmit data over insecure networks, without VPNs.

Note: Since slaves initiate the connection to the tunnel master, the DataHub instance on the DMZ is the tunnel master, and both the other DataHub instances are tunnel slaves.

  1. On the DMZ, configure the DataHub instance as tunnel master.

  2. Move to the Data Source side, and connect the DataHub instance to the data source.

  3. Still on the Data Source side, configure the DataHub instance as tunnel slave, making sure to configure these options as follows:

    • For Data Flow Direction: choose Read-only for one-way, or Read-write for bidirectional data flow.

    • For When Connection Initiated: choose Override Master's values with mine.

    • For When Connection Lost: choose Mark Master's data “not connected”.

    These options are set this way because for this first part of the tunnel, the tunnel slave acts as the authoritative data source.

  4. Move to the Data User side and configure this DataHub instance also as tunnel slave, making sure to configure these options as follows:

    • For Data Flow Direction: choose Read-only for one-way, or Read-write for bidirectional data flow.

    • For When Connection Initiated: choose Get all values from Master.

    • For When Connection Lost: choose Mark data here “not connected”.

    These options are set this way because for this second part of the tunnel, the tunnel master on the DMZ is the authoritative data source.

  5. Connect the data user to the DataHub instance.
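The two-hop policy set up in steps 3 and 4, as an added illustrative model in Python (not DataHub's own code or configuration): it shows why the source-side slave overrides the master while the user-side slave takes the master's values, and what a stale user-side value would do if that second option were reversed. Node names, point names and values are constructed assumptions, and the Data Flow Direction setting is not modelled.

```python
from dataclasses import dataclass, field

# Option names as they appear on the page; everything else here is an assumption.
OVERRIDE_MASTER = "Override Master's values with mine"
GET_FROM_MASTER = "Get all values from Master"
MARK_MASTER_NC = "Mark Master's data not connected"
MARK_HERE_NC = "Mark data here not connected"


@dataclass
class Node:
    name: str
    points: dict = field(default_factory=dict)  # point name -> (value, quality)


def connect(slave, master, on_initiated):
    """Slave opens the tunnel; the option decides whose values win at connect time."""
    if on_initiated == OVERRIDE_MASTER:
        master.points.update(slave.points)
    else:  # GET_FROM_MASTER
        slave.points.update(master.points)


def lose(slave, master, on_lost):
    """Tunnel drops; the option decides whose copy is flagged as stale."""
    node = master if on_lost == MARK_MASTER_NC else slave
    node.points = {p: (v, "not connected") for p, (v, _) in node.points.items()}


def propagate(src, dst):
    """Steady-state forwarding of current values and qualities along the tunnel."""
    dst.points.update(src.points)


def run_dmz_tunnel(user_side_policy=GET_FROM_MASTER):
    """Return the user-side view after connect and after the source link is lost."""
    source, dmz, user = Node("source"), Node("dmz"), Node("user")
    source.points["tank.level"] = (42.0, "good")  # constructed live value
    user.points["tank.level"] = (0.0, "good")     # constructed stale value on user side
    connect(source, dmz, OVERRIDE_MASTER)   # hop 1: source-side slave is authoritative
    connect(user, dmz, user_side_policy)    # hop 2: DMZ master is authoritative
    propagate(dmz, user)
    after_connect = dict(user.points)
    lose(source, dmz, MARK_MASTER_NC)       # hop 1 drops: DMZ copy flagged stale
    propagate(dmz, user)                    # the stale flag reaches the data user
    return after_connect, dict(user.points)
```

Calling `run_dmz_tunnel(OVERRIDE_MASTER)` shows the misconfiguration: the stale user-side value overwrites the live value on the DMZ master.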

See also Tunnelling Security - Best Practices.