Data Security Gateway (DSG)
The DSG is a flexible platform that applies security operations on the network to protect sensitive data in various environments, including on-premises, virtualized, and cloud. It safeguards data across SaaS applications, web interfaces, APIs, and file transfers using Configuration over Programming (CoP) profiles.
Architecture diagram for DSG v3.3.0.0

Architecture diagram for ESA v10.1.0 with v3.3.0.0

Architecture diagram for DSG v3.3.0.0 in TAC

| Component | Active Flow | Failover Flow |
|---|---|---|
| Deployment of Rulesets from ESA | _____ | - - - - - - |
| Policy Download | _____ | - - - - - - |
| Forwarding of Audit Events to ESA | _____ | - - - - - - |
Communication Flow
DSG-1: DSG node configured during DSG patch installation in ESA.
DSG-2 to DSG-n: Other DSGs in TAC.
The table below describes the communication flows depicted in the diagrams above.
Communication Flow
| Flow | Request Initiator | Destination | Port | Protocol | Flow Description | Configuration |
|---|---|---|---|---|---|---|
| Deployment of Rulesets from ESA | ESA P1 | DSG-1 | 443 | TLS | Step-1: ESA P1 initiates an HTTPS request to DSG-1 directly, without GTM/LTM, to send the command for DSGs to pull rulesets from ESA P1. If DSG-1 is down, then ESA P1 connects to any of the DSGs, i.e. DSG-2 to DSG-n. | Primary Active Flow: Sticky to ESA P1 with other ESAs as standby<br>ESA P1 -> DSG-1<br>DR Flow: Sticky to ESA S3 with other ESAs as standby<br>ESA S3 -> DSG-1 |
| Deployment of Rulesets from ESA | DSG node configured during DSG patch installation in ESA | All other DSGs in TAC | 8300 | TLS | Step-2: DSG forwards the command to pull rulesets to all other DSGs in TAC. | Not Applicable |
| Deployment of Rulesets from ESA | All DSGs in TAC | ESA P1 | 443 | TLS | Step-3: All DSGs in TAC pull rulesets from ESA P1 in parallel. | Primary Active Flow: Sticky to ESA P1 with other ESAs as standby<br>All DSGs in TAC -> ESA P1<br>DR Flow: Sticky to ESA S3 with other ESAs as standby<br>All DSGs in TAC -> ESA S3 |
| Policy Download | Pepserver in the Protector node | Service Dispatcher in ESA | 8443 | TLS | | Primary Active Flow: Sticky to ESA P1 with other ESAs as standby<br>Protector 9.1 -> GTM -> LTM-1 -> ESA P1<br>DR Flow: Sticky to ESA S3 with other ESAs as standby<br>Protector 9.1 -> GTM -> LTM-2 -> ESA S3 |
| Forwarding of Audit Events to ESA | Log Forwarder in the protector node | Insight in ESA | 9200 | TLS | | Primary Active Flow: Routed to all ESAs in the Primary Site<br>Protector 9.1/10.0 -> GTM -> LTM-1 -> ESA P1, S1, S2<br>DR Flow: Routed to all ESAs in the DR Site<br>Protector 9.1/10.0 -> GTM -> LTM-2 -> ESA S3, S4, S5 |
| Forwarding of Audit Events to External SIEM using the ESA | Log Forwarder in the protector node | TD-Agent in ESA | 24224/24284 | Non-TLS/TLS | | Primary Active Flow: Routed to all ESAs in the Primary Site<br>Protector 9.1/10.0 -> GTM -> LTM-1 -> ESA P1, S1, S2 -> External SIEM<br>DR Flow: Routed to all ESAs in the DR Site<br>Protector 9.1/10.0 -> GTM -> LTM-2 -> ESA S3, S4, S5 -> External SIEM |
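
The flow table above can double as an allowlist for reviewing firewall or connection logs. The following is an added example, not part of the product documentation: it classifies connection records against the documented flows and flags the Non-TLS audit-forwarding port. The hostname prefixes, the `src,dst,port` record format and the sample records are assumptions constructed for illustration, and the records are taken to carry the logical source and destination (before any GTM/LTM hop).

```python
import csv
import io

# Flow matrix transcribed from the table above:
# (source role, destination role, port) -> (flow name, TLS?)
# Per the table's ordering, 24224 is read as the Non-TLS port and 24284 as TLS.
FLOW_MATRIX = {
    ("esa", "dsg", 443): ("Ruleset deployment step 1", True),
    ("dsg", "dsg", 8300): ("Ruleset deployment step 2", True),
    ("dsg", "esa", 443): ("Ruleset deployment step 3", True),
    ("protector", "esa", 8443): ("Policy download", True),
    ("protector", "esa", 9200): ("Audit events to Insight", True),
    ("protector", "esa", 24224): ("Audit events to TD-Agent", False),
    ("protector", "esa", 24284): ("Audit events to TD-Agent", True),
}

def role_of(host):
    """Map a hostname to a role; the prefix naming scheme is an assumption."""
    for prefix in ("esa", "dsg", "protector"):
        if host.lower().startswith(prefix):
            return prefix
    return "unknown"

def audit_connections(csv_text):
    """Classify each 'src,dst,port' record as ok, cleartext or violation."""
    findings = []
    for src, dst, port in csv.reader(io.StringIO(csv_text.strip())):
        key = (role_of(src), role_of(dst), int(port))
        if key not in FLOW_MATRIX:
            findings.append((src, dst, int(port), "violation",
                             "not in documented flow matrix"))
            continue
        flow, tls = FLOW_MATRIX[key]
        findings.append((src, dst, int(port), "ok" if tls else "cleartext", flow))
    return findings

# Constructed sample records (source host, destination host, destination port).
SAMPLE = """
esa-p1,dsg-1,443
dsg-1,dsg-2,8300
dsg-2,esa-p1,443
protector-a,esa-p1,8443
protector-a,esa-s1,24224
esa-p1,dsg-2,8300
protector-a,dsg-1,22
"""

if __name__ == "__main__":
    for finding in audit_connections(SAMPLE):
        print(*finding, sep="  ")
```

Port 8300 is documented only for DSG-to-DSG traffic, so the ESA-to-DSG record on that port is reported as a violation even though both hosts are known components.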