Skip to main content

About Network Routes and IP Services

Abstract

Network Routes are configured for a Network to inform CloudConnexa that the connected network is the destination for a range of IP addresses. The set of IP addresses that is configured as a Route for one Network cannot be used as the Route for another Network. Network IP Services can restrict access to only specific application protocols and can also be used in Access Groups to control who can access that service.

Network Routes are configured for a Network to inform CloudConnexa that the connected network is the destination for a range of IP addresses. The set of IP addresses that is configured as a Route for one Network cannot be used as the Route for another Network. Network IP Services can restrict access to only specific application protocols and can also be used in Access Groups to control who can access that service.

If a Network will provide access to any applications using IP addresses instead of domain names, you must add Routes. Routes define public and private IP address subnets that will be routed to a Network. Routes are pushed to the routing table of clients by CloudConnexa.

Note

It is recommended to configure Applications and use Application Domain-Based Routing as much as possible.

IP Services can be defined only for IP address ranges that are present in the Route of the Network. You would want to configure IP Services to:

  • Designate an IP address range as a source of traffic to be used later in Access Groups.

  • Restrict the protocols that will be used to access the service.

  • Define who can access the IP service using Access Groups.

  • Easily identify the traffic destined to the IP service by using a named IP Service when viewing statistics in Access Visibility.

Note

For a Network that is not acting as an Internet Gateway, either an Application or a Route and IP Service must be added.

Consider this example of Network Route and IP Services use:

You want to connect a private network with a subnet address of 192.168.0.0/28 to CloudConnexa to make a private web server and a FTP server accessible by its IP addresses to all users, but allow only the IT department to manage it using SSH. You represent the private network by configuring a Network and connecting it to CloudConnexa by using Network Connectors. You then configure a Route for the Network which can either be for the complete subnet range of 192.168.0.0/28 or for the IP addresses of the web and FTP servers. You then add an IP Service named webapp, allowing only HTTPS for the server IP address of 192.168.0.10. Next, add another IP service named fileapp, allowing only FTP for the server IP address of 192.168.0.12. You then add another IP Service named manage, allowing only SSH with IP addresses 192.168.0.10 and 192.168.0.12.

Now, you configure an Access Group that allows access to manage, fileapp, and webapp to the User Group with all the IT department members as its Users and another one to provide access to webapp and fileapp for all other User Groups.

With the above configuration, all users can use only HTTPS and access https://192.168.0.10 , use FTP and access ftp://192.168.0.12 while the IT department can also use ssh user@192.168.0.10 and ssh user@192.168.0.12 .

In this section: