Data Security Gateway (DSG)
The DSG is a flexible platform that applies security operations on the network to protect sensitive data in various environments, including on-premises, virtualized, and cloud. It safeguards data across SaaS applications, web interfaces, APIs, and file transfers using Configuration over Programming (CoP) profiles.
Architecture diagram for DSG v4.0.0

Architecture diagram for ESA v10.2.0 with v4.0.0

Architecture diagram for DSG v4.0.0 in TAC

| Component | Active Flow | Failover Flow |
|---|---|---|
| Deployment of Rulesets from ESA | _____ | - - - - - - |
| Package Download | _____ | - - - - - - |
| Forwarding of Audit Events to ESA | _____ | - - - - - - |
Communication Flow
DSG-1: DSG node configured during DSG patch installation in ESA.
DSG-2 to DSG-n: Other DSGs in TAC.
The following table describes the communication flows depicted in the diagrams above.
| Flow | Request Initiator | Destination | Port | Protocol | Flow Description | Configuration |
|---|---|---|---|---|---|---|
| Deployment of Rulesets from ESA | ESA P1 | DSG-1 | 443 | TLS | Step-1: ESA P1 initiates an HTTPS request to DSG-1 directly, without GTM/LTM, to send the command for DSGs to pull rulesets from ESA P1. If DSG-1 is down, then ESA P1 connects to any of the other DSGs, i.e. DSG-2 to DSG-n. | Primary Active Flow: Sticky to ESA P1 with other ESAs as standby. ESA P1 -> DSG-1. DR Flow: Sticky to ESA S3 with other ESAs as standby. ESA S3 -> DSG-1. |
| Deployment of Rulesets from ESA | DSG node registered in ESA | All other DSGs in TAC | 8300 | TLS | Step-2: DSG forwards the command to pull rulesets to all other DSGs in TAC. | Not Applicable |
| Deployment of Rulesets from ESA | All DSGs in TAC | GTM | 443 | TLS | Step-3: All DSGs in TAC pull rulesets from ESA P1 in parallel. | Primary Active Flow: Sticky to ESA P1 with other ESAs as standby. All DSGs in TAC -> GTM -> LTM-1 -> ESA P1. DR Flow: Sticky to ESA S3 with other ESAs as standby. All DSGs in TAC -> GTM -> LTM-2 -> ESA S3. |
| Package Download | RPP in the DSG node | RPP in ESA | 25400 | TLS | | Primary Active Flow: Sticky to ESA P1 with other ESAs as standby. DSG -> GTM -> LTM-1 -> ESA P1. DR Flow: Sticky to ESA S3 with other ESAs as standby. DSG -> GTM -> LTM-2 -> ESA S3. |
| Forwarding of Audit Events to ESA | Log Forwarder in the protector node | Insight in ESA | 9200 | TLS | | Primary Active Flow: Routed to all ESAs in the Primary Site. DSG -> GTM -> LTM-1 -> ESA P1, S1, S2. DR Flow: Routed to all ESAs in the DR Site. DSG -> GTM -> LTM-2 -> ESA S3, S4, S5. |
| Forwarding of Audit Events to External SIEM using the ESA | Log Forwarder in the DSG node | TD-Agent in ESA | 24224/24284 | Non-TLS/TLS | | Primary Active Flow: Routed to all ESAs in the Primary Site. DSG -> GTM -> LTM-1 -> ESA P1, S1, S2 -> External SIEM. DR Flow: Routed to all ESAs in the DR Site. DSG -> GTM -> LTM-2 -> ESA S3, S4, S5 -> External SIEM. |
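
One way to put the flow table to work for monitoring, as an added example that is not part of the product documentation: the documented flows are encoded as an allow matrix and constructed connection records are audited against it. The role labels, the record format, the verdict names, and the pairing of port 24224 with non-TLS and 24284 with TLS (read from the order of the cells) are assumptions.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    name: str
    src: str      # request initiator role
    dst: str      # destination role
    port: int
    tls: bool     # True when the Protocol column says TLS

# Flows from the table. Role labels are this example's shorthand. Pairing
# 24224 with non-TLS and 24284 with TLS is an assumption from the cell order.
DOCUMENTED = [
    Flow("ruleset deploy step 1", "ESA", "DSG", 443, True),
    Flow("ruleset deploy step 2", "DSG", "DSG", 8300, True),
    Flow("ruleset deploy step 3", "DSG", "GTM", 443, True),
    Flow("package download", "DSG", "ESA", 25400, True),
    Flow("audit events to ESA", "DSG", "ESA", 9200, True),
    Flow("audit events to SIEM", "DSG", "ESA", 24284, True),
    Flow("audit events to SIEM", "DSG", "ESA", 24224, False),
]

def audit(src, dst, port, tls_seen):
    """Classify one observed connection against the documented matrix."""
    flow = next((f for f in DOCUMENTED
                 if (f.src, f.dst, f.port) == (src, dst, port)), None)
    if flow is None:
        return "UNDOCUMENTED"          # not in the table: investigate or block
    if flow.tls and not tls_seen:
        return "TLS_EXPECTED"          # documented as TLS but seen in cleartext
    if not tls_seen:
        return "DOCUMENTED_CLEARTEXT"  # allowed non-TLS path; events unencrypted
    return "OK"

# Constructed sample records: (initiator, destination, port, TLS observed).
SAMPLE = [
    ("ESA", "DSG", 443, True),
    ("DSG", "DSG", 8300, False),
    ("DSG", "ESA", 24224, False),
    ("DSG", "ESA", 9200, True),
    ("DSG", "ESA", 22, True),
    ("ESA", "DSG", 8300, True),   # 8300 is documented only between DSGs
]

def report(records=SAMPLE):
    """Return only the records that need attention, with their verdicts."""
    return [(r, v) for r in records if (v := audit(*r)) != "OK"]

if __name__ == "__main__":
    for rec, verdict in report():
        print(verdict, rec)
```

The `DOCUMENTED_CLEARTEXT` verdict separates the table's one non-TLS path from real violations, so it can be tracked as a known exposure instead of raising an alert on every audit event.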