TCP
TCP passthrough enables USP to proxy TCP connections between external partners and internal targets without session-break security.
Unlike session-break protocols (FTP(S), HTTP(S), and SFTP), TCP passthrough does not terminate the inbound session and create a new outbound session with protocol awareness. Instead, USP forwards TCP traffic transparently between the partner and the internal target.
This mode is intended for TCP-based services that either do not support session break or do not require the additional security layer provided by session-break proxying.
Connection Flow
- An external client initiates a TCP connection to the TCP Listener's port on the USP Server.
- USP accepts the connection, subject to the server's configured connection limits.
- The remote address of the inbound connection is evaluated against the associated IP Filter. If the IP is not allowed, the connection is immediately closed.
- USP establishes a TCP connection to the configured outbound target (hostname and port).
- Once both connections are established, USP relays traffic between the inbound and outbound connections.
- If the Deployment is configured to use a Tunnel and Client, the outbound connection request is forwarded through the secure tunnel to the Client.
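The flow above, as an added Python example (not USP's own code): the peer address is checked against an allow-list before any outbound connection is opened, then bytes are relayed unchanged. The allow-list contents, the function names and the IPv4-mapped address normalisation are assumptions; connection limits and the Tunnel/Client path are not modelled.

```python
import asyncio
import ipaddress

# Constructed sample allow-list (assumption): stands in for a listener's IP Filter.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "203.0.113.0/24")]


def ip_allowed(remote_ip, allowed=ALLOWED_NETS):
    """Return True if remote_ip falls inside one of the allowed networks."""
    addr = ipaddress.ip_address(remote_ip)
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise first.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in allowed if net.version == addr.version)


async def pump(reader, writer):
    """Copy bytes one way until EOF, then close the destination connection."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()


async def handle(client_r, client_w, target, allowed):
    """Filter the inbound peer, connect to the target, then relay both ways."""
    peer_ip = client_w.get_extra_info("peername")[0]
    if not ip_allowed(peer_ip, allowed):
        client_w.close()  # rejected before any outbound connection is made
        return
    try:
        target_r, target_w = await asyncio.open_connection(*target)
    except OSError:
        client_w.close()  # target unreachable: drop the inbound side too
        return
    # No protocol parsing and no credential check: bytes pass through as-is.
    await asyncio.gather(pump(client_r, target_w), pump(target_r, client_w))


async def serve(listen_port, target, allowed=ALLOWED_NETS, host="127.0.0.1"):
    """Start the listener for target=(hostname, port); returns the asyncio server."""
    return await asyncio.start_server(
        lambda r, w: handle(r, w, target, allowed), host, listen_port)
```

Because the filter is the only check made before the outbound connection, the address normalisation step decides whether an IPv4 rule still applies when the listener socket is dual-stack.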
Authentication
TCP does not provide built-in authentication at the protocol layer.
Unlike session-break protocols, TCP passthrough therefore does not support proxy-level credential validation.
IP-Based Access Control
Inbound connections are validated using the IP Filter associated with the TCP Listener. Connections from blocked IP addresses are rejected before proxying occurs.
Secure Tunneling
If a Tunnel and Client are configured in the TCP Deployment, outbound connections are forwarded through the secure tunnel to the Client before reaching the internal target.
This mechanism allows TCP connections to traverse network boundaries without exposing internal services directly.
For configuration details, refer to Deployments.