Network configuration
This section is an overview of how you deploy an ESXi gateway or a Hyper-V gateway within your network.
Note
If you want a gateway hosted in Amazon Web Services, skip this section. We'll guide you through all the configuration you need later.
You can deploy an ESXi or Hyper-V gateway as a one-arm or two-arm proxy.
- One-arm proxy deployment uses the WAN (external interface) for both incoming and outgoing traffic through the firewall. It minimizes changes to your infrastructure.
- Two-arm proxy deployment uses both WAN and LAN (external and internal interfaces). This requires infrastructure changes but provides the best security and throughput.
You must do the following:
- Only open ports 80 and 443 (to allow inbound traffic) on the external interfaces of the gateway.
- Create a DNAT rule for ports 80 and 443.
- Block all other ports for security.
- Don't use reverse proxies.
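One way to check the DNAT requirement above, as an added example that is not from the original page: the script audits the nat table in `iptables-save` output, assuming a Linux iptables-based firewall, which the page does not specify. The gateway address and sample rules are constructed, and the check covers DNAT rules only, not the filter rules that block other ports.

```python
import re

REQUIRED = {80, 443}  # the only inbound ports the page allows

def dnat_ports(rule):
    """Ports matched by --dport/--dports, or None if the rule matches every port."""
    m = re.search(r"--dports?\s+(\S+)", rule)
    if not m:
        return None
    ports = set()
    for part in m.group(1).split(","):
        lo, _, hi = part.partition(":")  # iptables writes ranges as lo:hi
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(ruleset, gateway_ip):
    """Return findings for DNAT rules that target gateway_ip."""
    forwarded, findings = set(), []
    for line in ruleset.splitlines():
        m = re.search(r"-j DNAT --to-destination (\d+\.\d+\.\d+\.\d+)", line)
        if not m or m.group(1) != gateway_ip:
            continue
        ports = dnat_ports(line)
        if ports is None or "-p tcp" not in line:
            # Assumption: ports 80 and 443 mean TCP (HTTP/HTTPS).
            findings.append("not limited to TCP ports: " + line.strip())
            continue
        forwarded |= ports
        extra = sorted(ports - REQUIRED)
        if extra:
            findings.append(f"{len(extra)} extra port(s) from {extra[0]}: " + line.strip())
    findings += [f"missing DNAT rule for port {p}" for p in sorted(REQUIRED - forwarded)]
    return findings

# Constructed sample: 10.0.0.5 is a hypothetical gateway address.
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:443
-A PREROUTING -i eth0 -p tcp -m multiport --dports 80,8080 -j DNAT --to-destination 10.0.0.5
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.9:22
COMMIT
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.0.0.5"):
        print(finding)
```

An empty result means every DNAT rule to the gateway is limited to TCP ports 80 and 443 and both ports are forwarded.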
You can choose whether the gateway connects to the firewall's LAN or DMZ, or (for two-arm) to the cloud.
The following network configurations are available for each deployment type.
Here are the configurations for one-arm deployments.
- One-arm gateway connects to firewall LAN
- One-arm gateway connects to firewall DMZ
Here are the configurations for two-arm deployments.
- Two-arm gateway connects to firewall LAN: Load balancing by gateway cluster or firewall
- Two-arm gateway connects to cloud: Load balancing by gateway cluster
- Two-arm gateway connects to firewall DMZ