BlastShield Documentation

Addressing Modes

The addressing mode of a Gateway defines how the Gateway identifies and communicates with its endpoints. The choice of addressing mode depends on the use case and the level of isolation required, and it is set in the Orchestrator when the Gateway is created. The different addressing modes are described below.

  • MAC addressing mode

    In this mode, the Gateway identifies endpoints by their MAC address. The MAC address of each endpoint is configured in the Gateway. When a Gateway running in MAC addressing mode is used with a downstream switch to connect endpoints, and protection against unauthorized lateral movement is required, the switch must be configured with port separation (port isolation mode) so that all packets from endpoints are forwarded to the Gateway.

  • VLAN addressing mode

    In this mode, the Gateway identifies endpoint devices by their VLAN ID. Each endpoint must be assigned its own individual VLAN ID by a switch. The VLAN ID of each endpoint is configured in the Gateway.

  • IP Address (Destination NAT)

    The Gateway rewrites destination addresses for all endpoint packets: packets from the user have their destination address rewritten from the address configured in the overlay to the IP address entered as the destination.

    The destination IP address of each endpoint is configured in the Gateway.

  • IP Address (Source and Destination NAT)

    The Gateway rewrites destination addresses for all endpoint packets: packets from the user have their destination address rewritten from the address configured in the overlay to the IP address entered as the destination.

    The Gateway also rewrites the source address and port to the Gateway's local IP address, so that the packet appears to have come directly from the Gateway.

    The destination IP address of each endpoint is configured in the Gateway.
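
A conceptual model of the two IP addressing modes above, added here as an example and not BlastShield code: it shows which source address the endpoint sees in each mode. All addresses and ports, the port pool starting at 40000, the class and function names, and the reply handling (conventional NAT reverse translation) are assumptions.

```python
from dataclasses import dataclass, replace
from itertools import count

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class GatewayModel:
    """Conceptual model of the two IP addressing modes (hypothetical, not product code)."""

    def __init__(self, local_ip, endpoint_map, source_nat):
        self.local_ip = local_ip          # Gateway's local IP (constructed value)
        self.endpoint_map = endpoint_map  # overlay address -> configured destination IP
        self.source_nat = source_nat      # False: Destination NAT; True: Source and Destination NAT
        self._ports = count(40000)        # assumed pool for rewritten source ports
        self._flows = {}                  # gateway port -> (user ip, user port, overlay dst)

    def to_endpoint(self, pkt):
        """Rewrite a packet travelling from the user towards the endpoint."""
        real_dst = self.endpoint_map[pkt.dst_ip]  # KeyError if no endpoint is configured
        out = replace(pkt, dst_ip=real_dst)
        if self.source_nat:
            port = next(self._ports)
            self._flows[port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip)
            out = replace(out, src_ip=self.local_ip, src_port=port)
        return out

    def to_user(self, reply):
        """Reverse the rewrite on the endpoint's reply (assumed conventional NAT behaviour)."""
        overlay = {real: ov for ov, real in self.endpoint_map.items()}
        if not self.source_nat:
            return replace(reply, src_ip=overlay[reply.src_ip])
        user_ip, user_port, overlay_dst = self._flows[reply.dst_port]
        return replace(reply, src_ip=overlay_dst, dst_ip=user_ip, dst_port=user_port)

def demo(source_nat):
    """Return (packet as seen by the endpoint, reply as seen by the user)."""
    gw = GatewayModel("192.168.10.1", {"172.16.0.20": "192.168.10.20"}, source_nat)
    request = Packet("172.16.0.5", 51000, "172.16.0.20", 502)  # constructed sample flow
    seen = gw.to_endpoint(request)
    reply = Packet(seen.dst_ip, seen.dst_port, seen.src_ip, seen.src_port)
    return seen, gw.to_user(reply)
```

In Destination NAT mode the endpoint sees the user's overlay source address; in Source and Destination NAT mode it sees only the Gateway's local IP address, which is what an endpoint-side log would record.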