¶ Deploy Cyber Gateway on a Virtual Machine
The CGW requires a single virtual machine (VM) or bare metal (BM) machine to deploy. For High-Availability (HA) deployment, you will need two VMs or two separate hardware boxes. For deployment on a hardware box, check out the hardware deployment options here.
- For Zero-Trust Secure Private Access (SPA) only deployment use case, you will create a VM with a single network interface. If you have a VM with more than one network interface, only a single interface will be used by the cyber gateway.
- For Modern Workplace security use case, you will create a VM with at least two network interfaces (a LAN interface and a WAN interface). If you plan to leverage SD-WAN capability, you will need two WAN interfaces. Similarly, if you have multiple LANs, you can create as many LAN interfaces on the VM as you wish.
See example below, where the VM supports two LAN interfaces and two WAN interfaces (WAN1 for ISP1, and WAN2 for ISP2) addressing the SD-WAN and two LAN networks (LAN A and LAN B) use case.
¶ How to Create a VM for the Cyber Gateway?
- Download Cyber Gateway ISO image
- Select Install ubuntu and follow the typical ubuntu server installation steps.
- Please select openssh-server option while installing Ubuntu server components
- Based on where you like to deploy the cyber gateway, please refer to one of the options listed below.
Note: Follow steps mentioned in below link to create VM but select above downloaded ISO image during installation
|
Virtualization |
VM Creation Instructions |
Interfaces |
|---|---|---|
| VMWare Hypervisor | Single-Interface | Multi-Interface |
| Hyper-V | Single-Interface | Multi-Interface |
¶ Recommended Resources
- Minimum 1 vCPU, 1 GB RAM, 32 GB HDD to support 500 Mb/s data rates. For higher data rates, check out the detailed options here.
¶ Virtual Machine Networking Setup
- As pointed earlier, for Multi interface CGW deployment, you need to create at least two network interfaces on the VM, a LAN interface and a WAN interface. for single-interface CGW deployment you would need just one network interface.
- When cyber gateway is deployed on the inside of the Firewall, you need to make sure the following outgoing ports are allowed in the Firewall.
|
Protocol |
Allow Outgoing Ports |
Allow Incoming Ports |
|---|---|---|
| UDP | 3479, 51821-51830 | None |
| TCP | 8089 | None |
If you are deploying cyber gateway with an existing Firewall present, make sure outgoing ports mentioned above are open. Note Firewalls generally block incoming ports and not the outgoing ports, which are open in most cases. If this is the case, you do not need to do anything.
- Internet must be accessible from the VM:
- Check basic internet connectivity
ping 8.8.8.8 - Check DNS resolution works
ping google.com
- Check basic internet connectivity
- Check internal/private application servers on the LAN are accessible from the VM.
- Ping internal/private application server IP to verify connectivity
- Install SSH server using below command (skip if already installed):
sudo apt-get install openssh-server¶ Deployment Instructions
- For Zero-Trust Secure Private Access (SPA) only deployment use case, follow the instructions for single-interface CGW deployment.
- For Firewall replacement (or overlay) including Zero-Trust Secure Private Access (SPA) use case, follow the instructions for Multi interface CGW deployment.
To learn more about implementing SASE, XDR, IAM/ MFA, and GRC for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration. If you are ready to get started, check out our testing and onboarding process.