Secure communication to multiple end customers' 3rd party servers
Application Type
Reactive, Service

We have a set of multi-tenant apps provided through our company's PaaS OutSystems platform in AWS.   These apps need to connect to servers behind our multiple customers' firewalls to function.  Our current approach has been to request the customers to insert exceptions in their firewall rules that allow inbound connections from our PaaS OutSystems servers, but this is not an ideal solution and raises security concerns.

Is there a better way to achieve the above whereby multiple secure communication channels could be set up from our different customers to the VPC (or specific servers) that hosts our OutSystems front-end servers?  I.e. that instead of creating firewall rule exceptions in each clients' firewall to allow comms, they can set up dedicated, permanent tunnels to our VPC that opens up comms from our OutSystems VPC to the 3rd party servers we need to reach on their end?

Thanks in advance for the help.  Hope this makes sense.

It does make sense, a site-to-site VPN is your best option. On your side you want only to expose (in the VPN) a single gateway/proxy (on a dmz) NAT'n your frontend requests to the customer network (as you don't want to expose your servers to your customers as well). Nevertheless, firewall rules (traffic filtering) should always be in place on both vpn endpoints.


Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.