Dynatrace provides different types of Security Gateways. Security Gateways are the only endpoints used by OneAgents to send data to Dynatrace Server.
Private Security Gateway
A private Security Gateway is downloaded by you from your Dynatrace environment and installed within the your infrastructure. A private Security Gateway is bound to your environment, and is thus only capable of handling traffic from OneAgents that belong to the same environment as the Security Gateway.
A private Security Gateway can only handle traffic from OneAgents, not from other Security Gateways. A private Security Gateway can communicate to Dynatrace server either directly or via a public Managed Security Gateway.
Public Managed Security Gateway (relevant only for Dynatrace Managed)
A public Managed Security Gateway is downloaded by you from your Dynatrace Managed cluster and installed within your infrastructure. A public Managed Security Gateway is capable of handling all traffic that belongs to a Dynatrace Managed cluster (i.e., Security Gateway knows about all environments within the cluster).
Public Managed Security Gateways are typically used to set up a OneAgent connection point in some distant location (for example, a separate data center) or as a dedicated entry point into an otherwise secure location (for example, to allow receipt of messages from mobile applications, or Dynatrace synthetic test data).