Routing Connections Through the On-Premise Agent

The Files.com Agent provides a simple, secure way to connect your Files.com site to internal servers without needing VPNs, VPC peering, firewall openings, or network redesign. Customers use this feature when they need Files.com to access private infrastructure that cannot be exposed to the public internet. It solves the common challenges enterprises face when linking cloud systems to internal networks—complex connectivity requirements, long implementation timelines, and heavy maintenance overhead. Files.com designed this capability to deliver secure private connectivity at the application layer, removing the need for customers to manage complex networking or modify their existing infrastructure.

Traditionally, connecting a cloud service to an internal server requires VPNs, VPC peering, private endpoints, or inbound firewall rules. VPNs and VPC connections provide the secure, compliant, and controlled environment that enterprises require when linking cloud platforms with their internal systems. These private connections help organizations reduce security and compliance risks, align with strict internal IT and governance policies, maintain predictable performance and reliability, avoid exposing internal systems to the public internet, and protect sensitive data as it moves between environments. They allow companies to integrate cloud services without restructuring legacy systems, enabling smoother adoption of cloud technologies while meeting business, regulatory, and operational expectations. However, these approaches introduce operational complexity, long-term maintenance overhead, and additional security risk.

Agent-routed connections eliminate these requirements. The Agent establishes outbound connections only, which aligns with enterprise security models and reduces attack surface. No inbound firewall ports are required, and no private networking constructs need to be managed.

This design mirrors the architectural goals behind major cloud provider announcements, such as Amazon’s VPC and private connectivity initiatives, which focus on enabling cloud services to reach private infrastructure without exposing it publicly. Files.com delivers this capability directly at the application layer, without requiring customers to redesign their networks or deploy complex connectivity infrastructure.

How It Works

With Agent-routed connections, Files.com connects to the Agent, and the Agent establishes and maintains the connection to the internal server. All traffic flows outbound from the private network, which removes the need to open firewall ports or publish external endpoints.

Connection Behavior

When Agent routing is enabled, the Files.com platform never connects directly to the server. Files.com establishes a secure, high-performance connection to the Agent, and the Agent initiates a connection session to the internal server. The internal server does not require a public IP address and does not accept inbound connections from the internet.

Users and Automations interact with the Remote Server exactly as they would with any other integration. File transfers, directory listings, and metadata operations behave the same way, but transfers complete faster and more reliably.

Supported Connection Types

The following types of connection can be made via the Agent:

• SFTP
• FTP(S) (coming soon)
• WebDAV (coming soon)
• Akamai Linode
• Amazon S3
• Backblaze B2
• Cloudflare R2
• Filebase
• Google Cloud Storage
• Google Drive
• Microsoft Azure Blob
• Microsoft Azure Files
• S3 compatible storage
• Wasabi

You can also enable all supported types of routing through the Agent configuration file. Edit the configuration file and set the integrations value to "all".

Save the change and restart the Agent so it can advertise routing support to your Files.com site.

Eliminates Inbound Connections from the Internet

Agent-routed connections address common security concerns by keeping the internal server fully private. The server does not listen on the public internet and remains protected from scanning, brute-force attempts, and protocol-level attacks. All outbound connections originate from the Agent host, which you control inside your environment.

You maintain full control over which internal systems the Agent can access. Authentication, encryption, and access controls remain unchanged, and Files.com never requires inbound access to your private network.