...
Separate Ceptor Servers and Gateways (recommended)
| Drawio | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
In this setup, which is the recommended setup, gateways are deployed together with a load balancer in a DMZ zone, and the Ceptor server is behind the inner firewall.
...
The best security is archived if you separate gateway and server and deploy the server inside a 2nd firewall layer.
| Drawio | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
A better alternative, depending on the capabilities of the load balancer might be something like this. If your load balancer is just a dumb TCP forwarder, this is security-wise not any better than the one above, but if your load balancer also has Application Firewall capability you will be more secure this way.
| Drawio | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
In both cases, the number of port openings in the firewall will be limited compared to the setup with separate servers.
...