Rule management

Enclave gateways allow you to pass traffic to devices without requiring an agent to be installed on the device. This allows for an agentless deployment model of Enclave. Two models of rule management exist on gateway devices. All gateways (either virtual or physical) support gateway nodes. Physical gateways also support more advanced rulesets, which can be used for traffic routing as well as interface filtering.

Gateway nodes

Gateway nodes are the simplest form of rule management. They allow you to specify a single IP address or hostname to pass traffic to. These are ingress-only rules: traffic coming from your Enclave network is DNATed to the specified host and port.

Use cases:
  • Routing traffic to a device/service that does not support the installation of an agent.

Physical gateway rules

Physical gateways are deployed as an inline bridge. This allows them to be deployed without changing the topology of your network. Because they sit inline, physical gateways can also act as a transparent firewall in addition to serving as VPN ingress/egress. Physical gateways support more sophisticated rulesets that can be used for traffic routing as well as interface filtering. These rules are applied to the gateway's interfaces and can be used to filter traffic based on source and destination IP addresses, ports, and protocols. Additionally, LAN traffic can be routed into the Enclave network, which allows agentless devices to talk to endpoints in the Enclave network.

Use cases:
  • Deploying a transparent firewall to protect a device behind the gateway.
  • Deploying a transparent firewall to protect your network from a device behind the gateway.
  • Routing traffic from a device on your LAN to an Enclave VPN endpoint.
  • Traffic analysis to determine the traffic patterns of a device on your LAN.