Gateway

The BlastShield Gateway is an endpoint protection software instance that connects downstream endpoints to the BlastShield™ network. It protects endpoints from unwanted access by cloaking them from outsiders. The Gateway provides layer 2 isolation to prevent lateral movement and enforces access to endpoints by policy. Connections between Gateways, Agents and users are made directly as peer-to-peer encrypted tunnels using AES-256 encryption.

A Gateway can protect different asset types, e.g., OT / IoT devices, VMs, private cloud virtual instances (AWS, GCP and Azure), virtual auto-scaling endpoints, serverless and networking functions. Multiple downstream endpoints may be connected to one Gateway. Gateways may be deployed on physical hardware, as VMs or as virtual instances.

Only authenticated and authorized BlastShield™ nodes may communicate with Gateway Endpoints, and the Endpoints themselves must also be authorized by policy to be able to initiate a connection. Gateways are registered with the Orchestrator when they are created. The registration process creates a private key on the Gateway which is used to set up security associations with the Orchestrator and with other nodes in the network.

Gateways can be used when it is not possible to install Agent software on the device being protected.  The Gateway is provided as software and may be installed into private cloud environments as a virtual instance, on hypervisors as a virtual machine, or on bare-metal x86 hardware.

Software Hardening

The BlastShield Gateway uses a purpose-built, hardened image and is digitally signed.  All unnecessary ports and services have been removed.

What types of devices can be protected?

The BlastShield™ Gateway can be used to protect all types of critical assets in IT, IoT and OT environments, including the following:

  • Industrial control systems.

  • Sensors and IP Cameras.

  • PLC systems.

  • HMI and iPC systems.

  • Hosts with legacy operating systems.

  • Building management and automation systems.

  • Virtual machines and virtual cloud instances.

In this section:

Gateway Addressing Modes

Local segmentation and isolation of endpoints

Gateway types and their use cases

Gateway installation guides

Gateway common administration tasks
