
Gateways

Gateway agents act as an ingress/egress point for your overlay network, allowing access to resources outside of the Enclave network. This lets agentless devices, such as IoT or vendor-locked devices, connect to the Enclave network.

Types of gateways

There are two types of gateways:

  • Virtual gateways: These are software-based gateways that run on VMs or containers. They can be deployed in various environments, such as cloud or on-premises. These gateway agents can only be used for ingress traffic, meaning they can only route traffic from the Enclave network to an external resource.
  • Physical gateways: These are hardware-based gateways designed to be deployed on-premises. They can handle both ingress and egress traffic routing, meaning they can route traffic from the Enclave network to an external resource and vice versa. Physical gateways are typically used for IoT or vendor-locked devices that require a physical connection to the Enclave network. They can also be used as a bridge firewall, allowing you to transparently restrict access to resources outside of the Enclave network.

Use cases

  • Routing traffic to a device/service that does not support the installation of an agent.
    • E.g. routing traffic to a vendor-locked IoT device that does not support the installation of an agent.
    • E.g. routing traffic to an API service that is only accessible from a specific subnet or network.
  • Deploying a transparent firewall to protect a device behind the gateway.
  • Deploying a transparent firewall to protect your network from the device behind the gateway.
  • Routing traffic from a device on your LAN to an Enclave VPN endpoint.
  • Encrypting traffic between two agentless devices (e.g. device -> physical gateway -> physical gateway -> device).
  • Traffic analysis to determine the traffic patterns of a device on your LAN.