Not protected application reference architecture

The not, or none, protected application Access Gateway really isn't an protected architecture at all, as it represents a baseline or a starting point after an application is integrated with Access Gateway but before any steps are taking to significantly deny direct access to the backing protected web resource.
In this architecture, a single application, referred to as protected web resource, is served to requesting clients using Access Gateway. All URLs (Access Gateway and the backing protected web resource) are typically resolvable using a single DNS server and accessible to all.
This architecture meets the following requirements:

  • No specialized configuration.
  • URLs (Access Gateway and application) are entered into DNS but no further action is taken.
  • Can be used as a baseline for testing and development.

Benefits and drawbacks

Benefits Drawbacks
  • Simple installation
  • Baseline for testing, proof of concept etc
  • Little or no protecting for direct access to protected web resource
  • Protected web resource reachable from the external internet by name or IP
  • Protected web resource reachable from the internal internet by name or IP


In this architecture, external clients can access the application directly if they know the internal URL/IP. Likewise internal network clients can also access the application directly. Represented by neither dotted access path being blocked.



Component Description
External internet External URL External URL used by clients to access Access Gateway on behalf of the protected web resource.


DNS server providing DNS resolution for both the external URL and the internal (protected web resource

DMZ Access Gateway Access Gateway cluster, located in the DMZ is used to provide access to applications used by external internet clients.
Typically hosted in a virtual environment such as Amazon Web Services, MS Azure, Oracle OCI or something similar. See Manage Access Gateway deployment.
Internal network

Internal URL

Internal URL, represented by protected web resource in Access Gateway.

Application Protected web resource (application)

Related topics

Common Access Gateway flows

DNS use

High availability

Access Gateway deployment prerequisites