Gateway Direct inbound connection from internet

I would like to get opinions on how the gateway system is being used by others.

We are implementing Devolutions in our company, migrating from CyberArk.

The Vault system seems straightforward.

So from the internet to an internal Gateway server, ports 7171 and 8181, I keep getting a "websocket is not open" error; I do have a ticket open for this issue.

But I am wondering how others are using the gateway system for vendors and remote support.

Is it safe to open these ports directly to a Windows server?

All Comments (1)

Thanks for starting this thread!

Glad to hear you appreciate our products.
I understand you were probably looking for other customers' feedback, but let me give you a general overview and some best practices that might help clarify things.

The Gateway is designed to be a modern, secure alternative to traditional VPN setups.
A few core properties:

  • Built in Rust, which helps mitigate many common memory safety vulnerabilities.
  • Open source, so it’s fully auditable by security-conscious teams.
  • TLS-encrypted tunnels, even for older/less secure protocols like HTTP or Telnet.
  • Designed for internet exposure, and many users (including us at Devolutions) run it exposed directly, with no major known vulnerabilities at this time. Of course, it’s audited by our internal security team for that.

We've seen it used in a variety of environments:

  • Controlled access to internal corporate resources
  • Network segmentation (e.g., isolating subnets while still allowing access)
  • MSPs managing infrastructure on behalf of clients
  • For the web clients (DVLS / Hub / Devolutions Standalone)
  • Strengthening audit and compliance (e.g., centralized logging and session recording)


While it is safe to expose the Gateway directly to the internet, here are a few tips depending on your comfort level:

  • Default config is hardened, but you can still layer it:
    • Some users place the Gateway behind reverse proxies (e.g., Cloudflare Tunnel or nginx with mTLS) or inside VPNs, for additional peace of mind.
  • Use strong authentication and permissions via DVLS (or Hub) to control access paths and limit what users or vendors can see/do.
  • Monitor logs and enable session recording if you’re handling sensitive environments.
  • Keep Gateway, RDM and DVLS (if applicable) up to date, of course.


Let us know if you have any questions, and I hope maybe other users can share their experience here.

Best regards,

Benoit Cortier
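As an added example, not from the original thread and not Devolutions' own configuration: an nginx front end implementing the "reverse proxy with mTLS" tip above, terminating TLS with client-certificate verification and forwarding WebSocket upgrades to an internal Gateway listener. The hostname, certificate paths and the upstream address/port are placeholders, and it assumes the Gateway listener accepts HTTP/WebSocket traffic on that port.

```nginx
# Added example (not Devolutions' own config). Internet -> nginx (mTLS) -> Gateway.
upstream gateway_backend {
    server 10.0.0.5:7171;            # assumed internal Gateway listener (placeholder)
}

server {
    listen 443 ssl;
    server_name gateway.example.com; # placeholder hostname

    ssl_certificate     /etc/nginx/tls/gateway.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/gateway.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # mTLS: only clients presenting a certificate issued by this CA
    # (e.g. one per vendor) get past nginx; everyone else is rejected
    # before any request reaches the Gateway.
    ssl_client_certificate /etc/nginx/tls/vendor-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    location / {
        proxy_pass http://gateway_backend;
        proxy_http_version 1.1;
        # The Upgrade/Connection headers are mandatory for the WebSocket
        # handshake; without them the upgrade fails at the proxy.
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # Tunnelled sessions are long-lived; do not idle them out.
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
    }
}
```

Only nginx's 443 needs to be reachable from the internet; the Gateway's own listener can then be restricted to the proxy host on the Windows firewall.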