Secure Internet Access Admin Guide

Introduction

Abstract

This guide takes you through the process of securing internet traffic for your workforce. You can set up secure access to the public internet as a whole or to specific public resources.

WPC Illustration

This illustration shows a high-level view of secure internet access. On the left, each User connects with the OpenVPN Connect app on their Device through a secure tunnel to the geographically closest CloudConnexa Region. On the middle-right, each Connector on your private Network that provides access to the internet establishes a secure tunnel between your Network and the geographically closest Region. You can then configure User Groups and routes to that private Network so that your workforce can securely access either specific public resources or the entire internet through CloudConnexa.

network image of secure internet access

Setup

  1. Set up your CloudConnexa account.

    • Access https://cloud.openvpn.com/ and sign up to give it a try with up to three free connections.

    • Create a Cloud ID that uniquely identifies your WPC; for example, myopenvpnID.openvpn.com. Your ID lets you administer your WPC Network and download the OpenVPN Connect Client and its configuration Profile. The Connect client can also directly import configuration profiles using your Cloud ID to get your User Devices connected to CloudConnexa.

  2. In the CloudConnexa Administration portal, configure the private Network that you want to use to provide access to the internet via CloudConnexa.

  3. Next, you must set up a Network Connector and make sure it’s online.

    • Deploy a Connector on your private Network. You can choose your operating system or compatible router and use the quick launch directly in the portal to deploy the Connector. For more information, refer to Connector Deployment User Guides.

  4. For each User Group, Network, and Host whose internet traffic should all be routed through the Network (with Egress enabled), navigate to it and change Internet Access to Split-Tunnel OFF so that all of its traffic is routed to CloudConnexa. For more information, refer to Split-Tunnel.

  5. Connect your Users.

    • You can manually create Users in the Users section of the CloudConnexa Administration portal. When you add Users to your account and include an email address, those Users automatically receive an email with instructions for downloading the OpenVPN Connect client and their connection Profile.

    • If you don’t include an email address when creating new Users, you’ll need to send those Users the User portal link, username, and temporary password using some other means.

    • If you set up SAML or LDAP authentication with CloudConnexa, you can let your workforce know that they can use their existing SAML or LDAP credentials to download the Connect app for their Devices and import a Profile using your unique Cloud ID URL.

      Note

      You can also configure User Groups, which enable you to set:

      • The Regions that Users are allowed to connect to.

      • The type of authentication needed to establish a connection.

      • The maximum number of Devices that can access the WPC simultaneously.

      • Split-tunneling on or off (routing public internet traffic).

  6. Each User can then connect to CloudConnexa and reach all internet resources through your egress-enabled Network or specific subnets and domains through routes defined for the Network.

  7. You also have the added option of configuring private services and Access Groups to enforce access controls.

    Note

    Your access controls won’t be active until your WPC topology is set to Custom.