Daisy Chaining Gateways for access into different network segments

1 vote

Hello,

Are there plans to have the ability to daisy chain gateways, so that you can have one primary gateway that is exposed to the internet (let's say it lives in the DMZ)? Then, if someone wants to connect to a server in the internal network, DVLS would route their connection through the gateway located in the DMZ, then to another gateway sitting on the DMZ/internal edge.

Currently I don't particularly want to have a gateway on the internal network, exposed to the internet, in order for me to get access to my servers/equipment.

All Comments (3)

Hello @Yoffstr

There is no plan for Gateway Daisy Chaining as-is, but I think we’ll have a solution for the problem you are describing: the Agent Tunnel feature.

I’m talking about it in this thread: https://forum.devolutions.net/topics/52725/reverse-proxy-for-gateway-agents?message=226688#226688

With this feature, you:

  • Place a Devolutions Gateway, exposed to the internet, in the DMZ
  • Place a Devolutions Agent on the DMZ/internal edge

DVLS will route through the Devolutions Gateway (DMZ), and the Devolutions Gateway will route through the Devolutions Agent (DMZ/internal edge), but with a call-home model such that you just need to allow outbound connections from the Devolutions Agent to the Devolutions Gateway. You don’t need to allow inbound connections.

I believe that would be the most hardened network setup you could imagine as of today.

Is it addressing your concern?

Best regards,

Benoit Cortier

Hi Benoit,

Yes, this is perfect and addresses my concern, as I didn't want to expose a gateway on the DMZ/internal edge to the internet in order to access internal servers.

Kind regards

Yoffstr

Following my last post, how do we best implement this setup?