What Is a Secure File Transfer Gateway?


According to Gartner, a gateway is “a computer that sits between different networks or applications.” For example, a gateway could convert data to a different format or protocol as it travels from an enterprise network to the Internet.

A secure file transfer gateway is used by on-premises file transfer systems for external file transfer. It sits outside of the enterprise local area network (LAN) in the demilitarized zone (DMZ). It’s placed in the DMZ so that external parties aren’t connecting to a server in the enterprise LAN. This adds a layer of protection and eliminates the need to open outbound ports.

How Does a Gateway Work?

I’ll use the example of an SFTP file transfer from a partner to the enterprise:

  1. The partner’s server sends files to the gateway.
  2. The gateway translates or encrypts the information, which may cause a short delay.
  3. The gateway forwards the files to the internal enterprise server over a pre-established connection.

In the steps above, the gateway has no way to decide whether to allow or block incoming traffic. Because of this limitation, gateways are often configured to act as a proxy server, reverse proxy or firewall.

Gateways are configured to act like proxy servers or reverse proxies so that they can block websites or hide computers’ IP addresses. Gateways may be configured to act like a firewall to block unwanted traffic and malicious software.
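The flow above, sketched as an added example (not code from Thru or any gateway product): the internal server dials out to the gateway first, the gateway checks the partner's source address, and only then relays the upload over that pre-established connection. Plain TCP on loopback stands in for SFTP, and the function names, the 4-byte `OKAY`/`DENY` verdicts and the address ranges are assumptions made for the demo.

```python
import ipaddress, socket, threading

def read_all(sock):
    """Read until the peer closes its sending side."""
    chunks = []
    while chunk := sock.recv(4096):
        chunks.append(chunk)
    return b"".join(chunks)

def gateway(external, tunnel_listener, allowlist):
    """DMZ host: one partner upload, relayed over a tunnel the LAN side opened."""
    tunnel, _ = tunnel_listener.accept()      # pre-established: the LAN dialed out to us
    partner, (ip, _port) = external.accept()  # step 1: partner connects to the DMZ only
    with tunnel, partner:
        if not any(ipaddress.ip_address(ip) in net for net in allowlist):
            partner.sendall(b"DENY")          # firewall role: refuse before any data flows
            return
        partner.sendall(b"OKAY")
        tunnel.sendall(read_all(partner))     # step 3: forward into the LAN

def transfer(payload, allowlist):
    """Run one upload through the gateway; return (verdict, bytes the LAN received)."""
    external = socket.create_server(("127.0.0.1", 0))         # Internet-facing port
    tunnel_listener = socket.create_server(("127.0.0.1", 0))  # port the LAN server dials
    gw = threading.Thread(target=gateway, args=(external, tunnel_listener, allowlist))
    gw.start()
    lan = socket.create_connection(tunnel_listener.getsockname())  # outbound from the LAN
    partner = socket.create_connection(external.getsockname())
    verdict = partner.recv(4)
    if verdict == b"OKAY":
        partner.sendall(payload)
        partner.shutdown(socket.SHUT_WR)      # signal end of upload
    delivered = read_all(lan)                 # empty if the gateway refused the partner
    gw.join()
    for s in (partner, lan, external, tunnel_listener):
        s.close()
    return verdict, delivered

if __name__ == "__main__":
    loopback = [ipaddress.ip_network("127.0.0.0/8")]   # constructed: stands in for a partner range
    other = [ipaddress.ip_network("203.0.113.0/24")]   # constructed: TEST-NET-3, never matches loopback
    print(transfer(b"invoice.csv contents", loopback))
    print(transfer(b"invoice.csv contents", other))
```

The LAN side never accepts a connection in either run; it only makes one, which is why the internal firewall needs no inbound rule for partner traffic.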

Disadvantages of File Transfer Gateways

There are four main disadvantages of a file transfer gateway:

  1. It requires additional IT time to set up, maintain and troubleshoot.

     Gateways require maintenance just like any other part of an IT ecosystem.

  2. It diverts IT resources away from more important projects.

     Because gateways take time to set up and maintain, IT team members have less time to devote to value-adding projects. As a result, an IT team may end up behind their competitors in digital transformation and other initiatives.

  3. It delays file transfers, which may affect productivity.

     If the secure file transfer gateway translates or encrypts information before sending it to the recipient, file transfers are delayed. The delay could be small (milliseconds or seconds) if the payload is small, but as payloads grow, delays grow with them.

     A delay of several minutes or hours before files are delivered could limit employees’ productivity and reduce customer satisfaction.

  4. It adds a potential point of failure.

     If you use a file transfer gateway, your IT and cybersecurity teams need to plan around another potential point of failure. You need to figure out where to reroute traffic if the gateway fails and how to keep the gateway secure.

Replace File Transfer Gateways with MFT Nodes

The Thru Node is a client installed on the LAN connected to the managed file transfer (MFT) system in the cloud over HTTPS. This design eliminates the need to have a gateway server in the DMZ without compromising file transfer security.


  1. Uses outbound port 443 (HTTPS), which is generally already open for internet access.
  2. Thru Node can also be used for internal LAN-to-LAN transfers.
  3. Deprecate SFTP from your file transfer landscape.



