Your Gateway to Seamless Connectivity!
Welcome to the heart of your Exium deployment – the CyberGateways (CGWs). These dynamic components serve as the cornerstone, linking diverse locations, including offices and data centers, as well as connecting cloud instances like Azure and GCP to your users.
Essential for various Private network use cases, including remote access, IoT security, and SD-WAN, CGWs are the linchpin of your Exium experience. But they offer more than just the basics; CGWs are versatile and can cater to a myriad of requirements.
As you embark on your CGW journey, explore not only this document but also our Use Cases guide to grasp the breadth of challenges CGWs can conquer.
Before you dive into deploying a CGW, consider the CGW version that aligns with your needs. Opt for the Single-interface version for straightforward deployment, perfect for essential use cases like Zero Trust Network Access (ZTNA). On the other hand, the Multi-interface version boasts separate WAN & LAN interfaces, accommodating multiple ISPs, various LAN ports, and all advanced features including Firewall replacement.
| | VPN Replacement with Zero Trust Network Access (ZTNA) | | | Firewall Replacement with the Multiple-interface Cyber Gateway | | |
|---|---|---|---|---|---|---|
| | Offices | Data Centers | Public Cloud | Offices | Data Centers | Public Cloud |
| Cyber Gateway | Single-interface | Single-interface | No | Multiple-interface | Multiple-interface | Multiple-interface |
| SASE Agent | Agent/Agentless | Agentless | Agent/Agentless | Agent/Agentless | Agent/Agentless | Agent/Agentless |
The Single-interface (SIF) and Multi-interface (MIF) gateways can be combined to support hybrid use cases, where some sites only need Zero Trust Network Access (ZTNA) while others require additional Firewall and SD-WAN capabilities.
The distinction between the SIF and MIF gateways can be understood as follows: SIF provides outside-in (ZTNA) access to the site, whereas MIF enables both outside-in (ZTNA) and inside-out secure access (Firewall and SD-WAN), as illustrated in the figure below.
It's important to note that site-to-site connectivity is bi-directional between two MIF sites; however, connectivity between a MIF site and a SIF site is uni-directional. In this configuration, the MIF site can access the SIF site remotely, but access does not extend in the reverse direction.
The hardware decision is equally vital. For cloud deployments like Azure, a Virtual Machine is your go-to. For physical locations such as offices or data centers, consult our Modern Security Architecture document's table for guidance on selecting the right hardware appliance.
Embrace the power of CGWs – your gateway to a connected, secure, and agile future with Exium!
When the Cyber Gateway is deployed on the inside of the firewall (see the Transition diagram in Modern Workplace Security), make sure the following outgoing ports are allowed in your existing firewall.
| Protocol | Allow Outgoing Ports | Allow Incoming Ports |
|---|---|---|
| UDP | 3478-3479, 51801-51850 | None |
| TCP | 8089 | None |
In the uncommon scenario where your firewall randomizes source ports during Network Address Translation (NAT), verify that the UDP source port range 51801-51850 is preserved for outgoing traffic. This requires configuring the default Automatic Outbound NAT ruleset to disable source port randomization specifically for UDP ports 51801-51850. Outbound NAT rules that preserve the original source port are sometimes called Static Port rules.
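One way to audit an existing firewall against the port table and the static-port requirement above. This is an added example, not Exium code: the rule and NAT-state tuple formats and the sample data are constructed, and it assumes the listed ports are matched as destination ports on outbound allow rules.

```python
# Added example (not Exium code). Rule and NAT-state formats are constructed.
# Assumption: the table's ports are destination ports on outbound allow rules.

REQUIRED = {"udp": [(3478, 3479), (51801, 51850)], "tcp": [(8089, 8089)]}
STATIC_PORTS = range(51801, 51851)  # UDP source ports that must survive NAT


def uncovered_ports(allow_rules):
    """Return {proto: [ports]} that are required but not allowed outbound.

    allow_rules: iterable of (proto, first_port, last_port) egress allow rules.
    """
    missing = {}
    for proto, ranges in REQUIRED.items():
        allowed = set()
        for rule_proto, lo, hi in allow_rules:
            if rule_proto == proto:
                allowed.update(range(lo, hi + 1))
        gaps = [p for lo, hi in ranges for p in range(lo, hi + 1) if p not in allowed]
        if gaps:
            missing[proto] = gaps
    return missing


def rewritten_flows(nat_states):
    """Return UDP flows whose 51801-51850 source port was changed by NAT.

    nat_states: iterable of (proto, inside_src_port, translated_src_port).
    """
    return [s for s in nat_states
            if s[0] == "udp" and s[1] in STATIC_PORTS and s[1] != s[2]]


# Constructed sample: the UDP allow rule stops at 51840 instead of 51850.
SAMPLE_RULES = [("udp", 3478, 3479), ("udp", 51801, 51840), ("tcp", 8089, 8089)]
# Constructed sample: the second flow had its source port randomized by NAT.
SAMPLE_NAT = [("udp", 51801, 51801), ("udp", 51805, 40112),
              ("udp", 40000, 61234), ("tcp", 51810, 33000)]

if __name__ == "__main__":
    print("Blocked required ports:", uncovered_ports(SAMPLE_RULES))
    print("Flows needing a Static Port rule:", rewritten_flows(SAMPLE_NAT))
```

Any flow returned by `rewritten_flows` indicates the outbound NAT ruleset is still randomizing a source port in the protected range.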
Once you have selected your CGW version and hardware, the next step is to prepare the hardware or virtual machine for deployment. Follow the appropriate guide based on the Hardware, VM or Public Cloud you selected.