CloudConnexa Settings User Guide

WPC Topology enables you to configure access to your WPC—to determine whether access controls are used. When set to Custom, access groups are active. When your WPC topology is set to Full Mesh, there is unrestricted access between all users, networks, and hosts.

A full-access configuration between user devices and connectors can be helpful if you just want to deploy CloudConnexa and verify the connectivity.  To specify granular access, use Access Groups. Setting WPC topology to Custom activates Access Groups (see CloudConnexa Access Group).

You can switch between Full Mesh and Custom at any time.

The default region is the parameter specifying the region that newly created connectors will use by default. The region is the physical location of cloud servers to which connector or user device is connected.

You can change the default region for connectors during or after their creation.

SNAT enables source NAT on the CloudConnexa side. When traffic arrives to a connector or user device, it will have a source IP of the Internet Gateway. This is helpful in remote access scenarios where you don’t want to configure backward routing from destination resources.

When SNAT is off, the IP address of the source device is available instead of the IP address of the Internet Gateway. This might be preferred for some applications like VoIP.

WPC IPs for connectors and user devices are assigned from the subnet range that you specify. The WPC subnet is the range of IPv4 address and IPv6 addresses from which IP addresses are assigned to connectors and devices belonging to users.

A split subnet is a special subnet which is routed to CloudConnexa. Having this subnet enables domain routing and domain filtering capabilities.

You can push the client options you desire. When doing so, understand that the results they can produce. While enabling you extend CloudConnexa using client options, we do not guarantee any results, either desired or undesired.

CloudConnexa by default has a 24-hour WPC session time-out period for user devices. If this session time-out period does not meet your needs, then CloudConnexa enables you to set a period that’s more conducive to your environment. Therefore, CloudConnexa enables you to set a session period that’s more conducive to your environment.

When a user device exceeds the number of hours in the specified WPC session, the user device will attempt to reconnect to the WPC.

Use this setting to specify whether user credentials are needed to connect to the CloudConnexa, if they’re required for every WPC connection attempt, if they’re only required 12 hours after a successful connection, or not required at all.

The value specified for this setting is the default for the maximum number of devices (number of generated profiles) that can access CloudConnexa per user account. This value can be overwritten during the User Group configuration.

There is a limit of 100 devices that can access CloudConnexa per user account.

This setting enables users to import connection profiles (.ovpn files) automatically (users can obtain profiles themselves) or the admin can distribute them manually (admin will need to generate a profile and share it with a user) to users.

Administrators can enable two-factor authentication for their users to add an additional layer of identity verification. Once two-factor authentication is enabled, an authenticator application must be used to provide an authentication code at sign in. The authentication check is performed whenever the user attempts to:

A device trusted by CloudConnexa does not need to be validated with a security credentials each time you try to use the device to access sensitive information. Users are not prompted for additional authentication on a trusted device for 30 days after the initial authentication.

Depending on your needs, you can authenticate users in CloudConnexa using various methods. Use the CloudConnexa setting if you don’t have users with single sign-on needs. Use SAML if your users are using an identity provider (IdP) and you want them to single sign-on using their IdP credentials. In this case, you have the option of having users authenticate in their native browser.

Finally, you can authenticate users with LDAP servers that are on your private network and reachable using WPC (see User Guide - Private LDAP Authentication).

CloudConnexa supports authentication for SAML-compatible identity providers. If you have any difficulties configuring SAML for your IdP, contact Support.

Below, are identity providers for which there is user guidance.

You can set the root DNS sever by either selecting the CloudConnexa DNS server or specifying a custom DNS server.

For a custom DNS server, you can designate a DNS server as a primary or secondary server.

Maintaining secondary servers ensures that queries can be resolved even if the primary server becomes unresponsive.

Using this advanced configuration enables CloudConnexa to act as a DNS proxy to both protect DNS requests and provide routing and filtering by domain name.

A fully qualified domain name (FQDN) is useful when you want a computer to be discoverable on an internet network, such as when you want to access a computer remotely. This makes it easier to track the activity on that computer. An FQDN for your computer makes it possible for it to be identified on the internet.

An FQDN help you access domain services such as File Transfer Protocol (FTP) and email. For example, if you wanted to connect a domain name email to an email app on your phone manually, you would also need to know the FQDN for the mail server, which could be like mail.yourdomainname.com.

A DNS server that supports a DNS zone handles the requests of that zone.

A DNS record enables you to configure DNS in CloudConnexa itself, and not in DNS server. Instead of making changes to your private DNS server entry or even using private DNS servers, you can add a DNS record directly to your WPC configuration.

This notification—enabled by default, notifies administrators that one or more WPC connections were terminated because the number of simultaneous WPC connections — including those from connectors and users — exceeded the subscribed limit. A notification is sent once every hour that WPC sessions are being disconnected because of the number is exceeding the subscription limit.

If enabled, this optional notification informs administrators that a configured threshold for the number of active WPC connections is exceeded. The threshold is configured as a percentage of the subscribed WPC connections. For example, a threshold set at 80 percent for a customer that has subscribed to 100 WPC connections will send an email notification when 80 or more WPC connections are active. This alert serves as an advance warning that the number of active WPC connections might soon exceed the number of subscribed VPN connections and may lead to WPC sessions being disconnected.

If enabled, this optional alert notifies administrators that a device running connector software has lost its WPC connection. Typically, connectors serve to extend the WPC to a network or directly to a private server. This alert may indicate a critical service failure if a connector is the only instance for the network or host. Note that multiple connectors can be used with a network. An alert is sent once every hour that connector WPC sessions are being disconnected.

You’ll receive a notification if a network or host to which an LDAP server is connected is disconnected from CloudConnexa.

You can receive this notification under two conditions. Either, the LDAP server is unreachable. In most cases, this happens due to a network connectivity issue. Or, when connectivity and reachability of the LDAP server are fine but the LADP settings for user authentication failed.