
BlastShield Documentation

Configure Enhanced Gateway Endpoint Connectivity

The Enhanced support for Gateway Endpoint connectivity feature allows Endpoints behind an active BlastShield™ Gateway to create external connections to non-BlastShield™ nodes. By default, an Endpoint that is protected by an active BlastShield™ Gateway may communicate only with the other nodes in the BlastShield™ network that it is authorized to reach. With Enhanced Endpoint connectivity enabled, such an Endpoint can also establish a connection to a non-BlastShield™ node that is outside of the protected network.

To achieve this, the BlastShield™ Gateway provisions a default gateway IP address to the protected Endpoint via DHCP. This gives the Endpoint a forwarding route out of the BlastShield™ network to non-BlastShield™ IP address ranges. The BlastShield™ Gateway will NAT such outbound connections from the BlastShield™ IP address range to non-BlastShield™ IP address ranges, allowing a connection to be established from the protected Endpoint to the non-BlastShield™ node.

Prerequisite

You must have a Gateway set up and configured in 'MAC address' addressing mode. You must also have an Endpoint configured and connected to your Gateway. To learn how to do this, please read the following articles: BlastShield Gateway Installation (x86) and Create an Endpoint.

Configuration

To learn how to configure Enhanced support for Gateway Endpoint connectivity, please read the following instructions.

  1. In the Orchestrator, click on the Endpoints menu option on the left-hand side.

  2. The Endpoints summary page will open. Click on the Endpoint for which you want to enable Enhanced Endpoint connectivity.

  3. The Endpoint configuration page will open. Verify the Endpoint is enabled (the Endpoint Enabled checkbox should be checked).

  4. Check the checkbox labeled Send DHCP Default Gateway to enable the Enhanced Endpoint connectivity feature.

  5. Click on SAVE CHANGES.

  6. You have enabled the Enhanced Endpoint connectivity feature. The Endpoint will be assigned a default gateway address and it will be able to communicate with non-BlastShield™ nodes which are external to the BlastShield™ network.
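One way to confirm the outcome of step 6 from the Endpoint itself, and to audit which Endpoints now have a route out of the protected network, is to inspect the routing table for a DHCP-learned default route. This is an added example, not BlastShield code: it assumes a Linux Endpoint with iproute2 and a DHCP client that tags its routes `proto dhcp`; the function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not BlastShield code). Function names are hypothetical.
# Assumes a Linux Endpoint with iproute2 whose DHCP client tags routes "proto dhcp"
# (NetworkManager and systemd-networkd do; other clients may leave the tag off).

# Read `ip -4 route show` text on stdin; print "<gateway> <device> <proto>"
# for every default route found.
default_routes() {
  awk '$1 == "default" {
    gw = "-"; dev = "-"; proto = "unspecified"
    for (i = 2; i < NF; i++) {
      if ($i == "via")   gw = $(i + 1)
      if ($i == "dev")   dev = $(i + 1)
      if ($i == "proto") proto = $(i + 1)
    }
    print gw, dev, proto
  }'
}

# Classify the routing table on stdin:
#   no-default-route        no forwarding route out of the local network
#   dhcp-default-route      every default route was learned from a DHCP lease
#   non-dhcp-default-route  at least one default route came from another source
egress_state() {
  routes=$(default_routes)
  if [ -z "$routes" ]; then
    echo "no-default-route"
  elif printf '%s\n' "$routes" | awk '$3 != "dhcp" { bad = 1 } END { exit bad + 0 }'; then
    echo "dhcp-default-route"
  else
    echo "non-dhcp-default-route"
  fi
}

# Constructed routing tables. SAMPLE_BEFORE assumes the Endpoint has no default
# route while Send DHCP Default Gateway is unchecked.
SAMPLE_BEFORE='10.20.0.0/24 dev eth0 proto kernel scope link src 10.20.0.15'
SAMPLE_AFTER='default via 10.20.0.1 dev eth0 proto dhcp src 10.20.0.15 metric 100
10.20.0.0/24 dev eth0 proto kernel scope link src 10.20.0.15'

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | egress_state)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | egress_state)"
# On a live Endpoint: ip -4 route show | egress_state
```

A `non-dhcp-default-route` result means the Endpoint has an outbound path that did not come from a DHCP lease, which is worth reviewing against the Endpoint's intended configuration.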