IBM Secure Proxy

Advanced edge security for your multi-enterprise data exchanges with high speed bridging and dynamic routing

IBM Secure Proxy is a Demilitarized Zone (DMZ) application proxy that protects file transfers from the public Internet , imposing strict controls such as business partner authorization, multifactor authentication, and session interruption before the transfer get in the zone of trust.
IBM Sterling Secure Proxy provides you with a completely secure B2B file transfer.

The new dynamic routing capability empowers you to transparently migrate clients between different internal systems. It minimizes the risk of disruption during system migrations while avoiding external communication and coordination requirements. The real value is that it insulates your external trading partners and customers from your internal systems changes.

  Keep files in good hands, with features that include:

Application proxy.

  • Resident in the demilitarized zone (DMZ).

  • Supports IBM Connect:Direct servers, IBM Connect Express and IBM B2B Integrator.

  • Supports multiple DMZ environments.

  • Supports HSAO-FASP, FTP, FTPS, SCP, HTTP, HTTPS, AS2, SSH/SFTP, PeSIT and IBM Connect:Direct protocols.

  • Certified to run on most popular platforms including Linux, AIX, and Windows.

  • Integrates with existing directory services such as LDAP, Active Directory, and Tivoli.

  • Supports High speed add-on bridging.

  • Supports Dynamic Routing.

  • Includes a FIPS 140-2 compliant data encryption module with the option to force strict FIPS mode communications.

Firewall navigation practices.

  • Prevents entry holes in the firewall.

  • Minimize key destinations in the demilitarized zone by ensuring that files, user credentials and data are not stored in the demilitarized zone.

  • Establish sessions from trusted areas to areas of lower confidence.

  • Enforces internal and external security policies.

Perimeter security.

  • Prevents direct communications between internal and external sessions by establishing secure  session interruptions in the demilitarized zone via SSL or TLS.

  • Inspect sensitive control information and protocol, enabling configurable error handling for violations.

  • Session limits and data encryption protect against denial of service attacks.

Authentication services.

  • The customizable login portal provides self-service password management for business  partners.

  • Supports single sign-on and integrates with existing security infrastructure, including Active  Directory and Tivoli user databases.

  • Multifactor authentication imposes severe controls and validation of business partner identity in  DMZ before the information passes into the trusted zone.

  • Authentication options include the IP address, user ID and password, digital certificates, SSH  Keys, RSA SecurID.


  • A central configuration manager directs configuration rules to several engines running in the  demilitarized zone, facilitating the expansion.

  • Clustering for high availability and load balancing provides operational continuity and increased  throughput.

For a high availability deployment, you can install more than one IBM Secure Proxy node. In the following example, two IBM Secure Proxy nodes redirect requests to two B2B Advanced Communications nodes.


Contact B2B Next if you have questions or need more information about IBM Secure Proxy.

We will be happy to help you.