Daisy Chaining Gateways for access into different network segments
1 vote
Hello,
Is there plans to have the ability to daisy chain gateways, so that you can have one primary gateway that is eposed to the internet (lets say it lives in the DMZ). Which if someone wants to connect to a server in the internal network, DVLS would route their connected through the gateway located in the DMZ, then to another gateway sitting on the DMZ/internal edge?
Currently i dont particularly want to have a gateway on the internal network, exposed to the internet, in order for me to get access to my servers/equipment.
Hello @Yoffstr
There is no plan for Gateway Daisy Chaining as-is, but I think we’ll have a solution for the problem you are describing: the Agent Tunnel feature.
I’m talking about it in this thread: https://forum.devolutions.net/topics/52725/reverse-proxy-for-gateway-agents?message=226688#226688
With this feature, you:
DVLS will route through the Devolutions Gateway (DMZ), and the Devolutions Gateway will route through the Devolutions Agent (DMZ/internal edge), but with a call home model such that you just need to allow outbound connections from the Devolutions Agent to the Devolutions Gateway. You don’t need to allow inbound connections.
I believe that would be the most hardened network setup you could imagine as of today.
Is it addressing your concern?
Best regards,
Benoit Cortier
Hi Benoit,
Yes, this is perfect and addresses my concern, as i didnt want to expose a gateway on the DMZ/internal edge to the internet, in order to access internal servers.
Kind regards
Yoffstr
following my last post, how do we best implement this setup?