Skip to main content

Tutorial: Use CloudConnexa for Secure Internet Access

Abstract

This tutorial shows the generic steps to configure CloudConnexa for use to secure internet traffic.

Introduction

Abstract

Learn how to use CloudConnexa for secure internet access by routing internet traffic through private networks, configuring internet gateways, and applying centralized traffic controls.

This tutorial shows you how to securely route internet traffic through CloudConnexa using a private network configured as an internet gateway.

With this setup:

  • Users securely connect to CloudConnexa using OpenVPN Connect.

  • Internet traffic is routed through trusted private networks.

  • Organizations can centrally control internet-bound traffic.

  • Additional security controls, such as filtering, monitoring, IDS/IPS, or CASB solutions, can be applied.

You can configure CloudConnexa to:

  • Route all internet traffic through a private network.

  • Route only specific public domains or IP destinations through CloudConnexa.

  • Route all traffic through CloudConnexa while allowing specific destinations to bypass the tunnel and route locally.

  • Apply different internet access policies to user groups, networks, and hosts.

network image of secure internet access

Before you begin

Before starting this tutorial, ensure you have:

  • A CloudConnexa account and Cloud ID.

  • A private network that can provide internet access.

  • A system or compatible router available for Connector deployment.

  • Administrative access to CloudConnexa.

This tutorial covers:

  1. Creating a Network.

  2. Configuring internet gateway behavior.

  3. Deploying a Connector.

  4. Configuring Internet Access settings.

  5. Connecting users to CloudConnexa.

Step 1: Create your CloudConnexa account

Tip

When you create your account, you'll define a Cloud ID (for example, mycompany.openvpn.com). Once set, it can't be changed. Your Cloud ID is used to:

  • Access the Administration portal.

  • Download OpenVPN Connect.

  • Import connection profiles.

  • Connect devices to CloudConnexa.

Step 2: Create a Network for secure internet access

Create a Network that will provide internet access through CloudConnexa.

  2. Navigate to Networks → Networks.

  3. Click Add Network.

  4. Select Secure Internet Access, then click Continue.

  5. Configure the Network settings:

    • Name — Enter a name (for example, secure_internet_network).

    • Description (optional) — Enter a description.

  6. Configure the Connector settings:

    • Connector Tunneling Protocol — Leave the default value of OpenVPN selected unless you specifically require IPsec.

    • Connector Name — Enter a name for the Connector.

    • Connector Description (optional) — Enter a description for the Connector.

    • Region — Select the Region closest to you.

  7. Click Next.

Step 3: Deploy the Connector

Deploy a Connector on the network that will provide internet access.

  1. The Connector Details page displays. Click the Provider Type, then select where you'll deploy your Connector.

  2. Use the guided deployment steps provided in the network configuration wizard.

  3. Complete the Connector installation.

  4. Click Next to verify that the Connector is online.

For more information, refer to:

Step 4: Configure Internet Access settings

Configure how internet traffic is routed for user groups, networks, or hosts from the Configure Internet Access step of the network configuration wizard.

  1. From the Configure Internet Access step, select the User Groups, Networks, and Hosts.

    • Internet Access will be set to Split Tunnel Off for each selection.

    • For those not selected, Internet Access will be set to Split Tunnel On.

  2. Click Next.

When Split Tunnel Off is enabled:

  • All internet traffic is routed through CloudConnexa.

  • Traffic exits through configured internet gateways.

Tip

With Internet Access set to Split Tunnel Off, you can use Tunnel Bypass to allow traffic to destinations to be routed directly to the local network gateway instead of through CloudConnexa.

This is useful for locally reachable resources, such as on-premises systems, intranet services, or performance-sensitive applications that do not require secure tunneling.

Tunnel Bypass is configured per user group from Access → Internet. Refer to About Tunnel Bypass.

For more information, refer to:

Step 5: Configure Applications, IP Services, and Access Groups (optional)

Configure Applications, IP Services, and Access Groups to control access to specific domains, services, networks, and internet destinations.

After configuring internet access, the wizard steps you through configuring:

  • Applications for domain-based access control and routing.

  • IP Services for protocol- and subnet-based access control.

  • Access Groups to define which user groups can access resources.

To configure Applications, IP Services, and Access Groups, follow the steps below:

  1. On the Applications step, add any domains or applications users should be allowed to access through CloudConnexa.

  2. Configure optional Application settings such as:

    • Allowed protocols.

    • Embedded IP support.

    • Exact Match domain behavior.

  3. Continue to the IP Services step.

  4. Add any IP-based services, protocols, or subnet ranges that should be accessible through the Network.

  5. Continue to the Access Groups step.

  6. Select an existing Access Group or create a new one.

  7. Configure the appropriate sources and destinations for the Access Group.

  8. Complete the Network Configuration Wizard and save the Network.

Applications, IP Services, and Access Groups can be used together to:

  • Route traffic to specific public or private resources.

  • Restrict access to approved services only.

  • Enforce granular access control policies based on user identity or group membership.

Step 6: Connect your users

Add users and connect devices to CloudConnexa.

  1. Navigate to Users → Users.

  2. Add users manually or configure SAML or LDAP authentication.

  3. If you include an invitation email to users:

    • Users automatically receive onboarding instructions.

    • Users can download OpenVPN Connect and import connection profiles.

  4. If you don't include an invitation email to users, provide your users with:

    • The User portal URL.

    • Their username.

    • A temporary password.

List of All Internet Security Tutorials

List of All Internet Security Videos

In this section:
See also: