For DMZ configuration, several options are available with Waarp.
1) Waarp Gateway FTP
By installing a Waarp Gateway FTP in DMZ, you can have FTP transfers from outside in connection with a Waarp R66 server installed in the DMZ too. The Gateway FTP will allow sending or receiving of file through FTP to/from outside, while the Waarp R66 will allow sending or receiving to/from internal side. The links will be made through rules, bot in Gateway FTP and in Waarp R66.
In that case, the R66 DMZ server does not need necesseraly to be accessible from outside natively, since it is accessed through FTP service.
Gateway FTP
Waarp R66
2) Waarp R66 in forward mode
By installing a DMZ R66 server, through the rules, it could act as a forward request will full checking.
The interest is to have full checking at once for all type of transfers, without having to directly connect to internal R66 servers from outside. The drawback is that this DMZ R66 server has a full configuration (using database and all host authentications), which could lead to some issues in very high level protected area.
3) Waarp Proxy R66
By installing a Proxy R66 server, it will forward in both ways requests directly to external or internal R66 servers.
The interest is to have a minimalist R66 server in DMZ, with no configuration that could be a source of attack. The drawback is that no control is made within this Proxy R66 server, meaning that the packet are just transmistted as is to the internal or external R66 partner. However, if some attacks as deny of service are made, this will be probably the first level of catch, then enhancing the security level of the R66 solution.
The configuration is made by pair, meaning that each listening interface (address, port, ssl mode) is linked to one and only one proxified interface (address, port, ssl mode). Therefore, let say that on internal side we have a R66 server named A, on external side a R66 server named B, the configuration will be as follow:
Therefore, in A, the configuration to access to B is made through address/port/SSL mode defined in B', while the remote partner B will access to A through address/port/SSL mode defined in A'.