The Edge Gateway provides several networking functions for your cloud environment. 


DHCP

If you need to have IP addresses assigned dynamically rather than statically, you can enable DHCP in your cloud environment. The edge gateway can provide this functionality on a per network basis.


NAT

If you need to allow unsolicited traffic from the internet directly into one of your virtual machines (such as when you are hosting a web server), or if you have multiple public IP addresses and want to specify which one a particular server uses when sending traffic out to the internet, you accomplish this with NAT. NAT rules work in conjunction with firewall rules to determine what traffic is allowed into your cloud environment. The most common implementation is to specify what address and port someone should use to connect to a server inside your environment. If you have a server hosting your web page inside your cloud environment, for example, you will need a rule so that traffic coming in on your public IP address on port 80 (HTTP) and port 443 (HTTPS) is sent to your server's private IP address inside your cloud environment. Without these rules, when a request for your web server comes in from the internet, the edge gateway will not know which internal address to send it to. NAT can also be used to connect to multiple internal servers through one public IP address. For help on how to add NAT rules to your edge gateway, see NAT your Public IP to a Private IP in the Cloud Portal.

A list of a few common ports is provided at the bottom of the page.


Firewall Rules

The edge gateway also provides port-based firewall functionality. These rules work in conjunction with NAT rules to determine what traffic should be allowed in and out of your cloud environment. You may have a NAT rule that maps port 22 on your public IP address to an internal server, but a firewall rule that only allows traffic from your office to come through on that same IP & port. The recommended implementation of firewall & NAT rules is to allow only what is necessary. To help accomplish this, the firewall has a default action that is typically set to deny. This means that any incoming traffic that doesn't match a specific rule will not be allowed through the firewall. For help on adding firewall rules, see Firewall Settings in the Cloud Portal.
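
The Python model below is an added example, not part of the original page and not the edge gateway's own code. It shows how the NAT rules and firewall rules described above combine with a default action of deny. All addresses and rule values are constructed samples, and evaluating the firewall against the public IP & port before NAT is an assumption based on the SSH example above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values (RFC 5737 documentation ranges), not from the page.
PUBLIC_IP = "203.0.113.10"
OFFICE_NET = "198.51.100.0/24"
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class FirewallRule:
    source: str      # CIDR the traffic must come from
    dest_ip: str     # public IP the traffic is addressed to
    dest_port: int
    action: str      # "allow" or "deny"

# NAT rules: (public IP, public port) -> (private IP, private port)
NAT_RULES = {
    (PUBLIC_IP, 80): ("192.168.10.20", 80),
    (PUBLIC_IP, 443): ("192.168.10.20", 443),
    (PUBLIC_IP, 22): ("192.168.10.30", 22),
}
# Assumption: firewall rules match the public IP & port, as in the SSH example.
FIREWALL_RULES = [
    FirewallRule(ANY, PUBLIC_IP, 80, "allow"),
    FirewallRule(ANY, PUBLIC_IP, 443, "allow"),
    FirewallRule(OFFICE_NET, PUBLIC_IP, 22, "allow"),  # SSH from the office only
]
DEFAULT_ACTION = "deny"  # anything that matches no rule is dropped

def firewall_action(src, dst_ip, dst_port):
    """First matching rule wins; unmatched traffic gets the default action."""
    for rule in FIREWALL_RULES:
        if (ip_address(src) in ip_network(rule.source)
                and (dst_ip, dst_port) == (rule.dest_ip, rule.dest_port)):
            return rule.action
    return DEFAULT_ACTION

def route_inbound(src, dst_ip, dst_port):
    """Return the private (ip, port) the request is delivered to, or None."""
    if firewall_action(src, dst_ip, dst_port) != "allow":
        return None  # blocked by the firewall
    return NAT_RULES.get((dst_ip, dst_port))  # None if no NAT rule maps it

def reachable_ports(src):
    """Public ports a given source address can actually reach through NAT."""
    return sorted(port for (ip, port) in NAT_RULES
                  if route_inbound(src, ip, port) is not None)
```

Calling `reachable_ports` with an address outside the office network is a quick way to review which NAT mappings are open to the whole internet.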


Static Routes

If you need to ensure that specific traffic is always routed a certain way, you can accomplish this by adding static routes. The edge gateway can provide this functionality on a per network basis.


IPSec VPN

The edge gateway also has the ability to establish an IPSec tunnel with a compatible device. This allows for a secure connection between an external network, your office network for example, and a network in your cloud environment. A guide on setting up the tunnel can be found at IPSec Tunnel to Cloud Networks.


Load Balancer

Load balancing is also a function that the edge gateway can provide. This allows traffic to be directed at a single IP address, making it easy for those connecting to your services, while the work is distributed across multiple machines. This can help you scale out quickly and easily as your business grows. Load Balancer in the Cloud Portal provides a step-by-step guide for setting up a load balancer in Voonami's cloud.


Common Ports & Services

HTTP - TCP Port 80

HTTPS - TCP Port 443

SSH - TCP Port 22

FTP - TCP Ports 20 & 21

RDP - TCP Port 3389

Ping - ICMP

