
About Internet Access configuration


The Internet Access section allows you to view, filter, search, and edit the route internet traffic takes for User Groups, Networks, and Hosts in one central place.

The Internet Access setting allows you to either completely restrict internet access, tunnel all internet traffic to CloudConnexa, or let the internet traffic exit directly to the internet for a given User Group, Network, or Host.


Any internet destinations (domain names or IP subnets) configured as Applications or IP Services are considered 'trusted internet traffic' and will always be tunneled to CloudConnexa instead of treated as regular internet traffic.

Internet Access for User Groups, Networks, or Hosts can be set as:

  • Split Tunnel On (Level-1 Security): Private and trusted internet traffic is tunneled; all other internet traffic uses local internet.

  • Split Tunnel Off (Level-2 Security): All traffic is tunneled; internet traffic exits from the selected Internet Gateways.

  • Restricted Internet (Level-3 Security): Private and trusted internet traffic is tunneled; all other internet traffic is blocked.
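The following is an added example, not CloudConnexa code: a small model of the three settings above that predicts the path for a destination, so you can compare expected behaviour with what you observe on a device. The subnets and domain are constructed sample values, and treating a configured domain as covering its subdomains is an assumption.

```python
import ipaddress
from enum import Enum

class Mode(Enum):
    SPLIT_TUNNEL_ON = 1    # Level-1 Security
    SPLIT_TUNNEL_OFF = 2   # Level-2 Security
    RESTRICTED = 3         # Level-3 Security

# Constructed sample policy data (not real configuration).
PRIVATE_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]
TRUSTED_SUBNETS = [ipaddress.ip_network("203.0.113.0/24")]   # as an IP Service
TRUSTED_DOMAINS = ["crm.example.com"]                        # as an Application

def _as_ip(dest):
    """Return an ip_address object, or None when dest is a hostname."""
    try:
        return ipaddress.ip_address(dest)
    except ValueError:
        return None

def classify(dest):
    """Return 'private', 'trusted' or 'internet' for a hostname or IP string."""
    ip = _as_ip(dest)
    if ip is not None:
        if any(ip in net for net in PRIVATE_SUBNETS):
            return "private"
        if any(ip in net for net in TRUSTED_SUBNETS):
            return "trusted"
        return "internet"
    name = dest.lower().rstrip(".")
    # Assumption: a configured domain also covers its subdomains.
    if any(name == d or name.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    return "internet"

def decide(mode, dest):
    """Private and trusted traffic is always tunneled; the mode decides the rest."""
    if classify(dest) in ("private", "trusted"):
        return "tunnel"
    return {Mode.SPLIT_TUNNEL_ON: "local",
            Mode.SPLIT_TUNNEL_OFF: "tunnel-to-internet-gateway",
            Mode.RESTRICTED: "block"}[mode]

def audit(mode, dests):
    """Map each destination to its expected path under the given mode."""
    return {d: decide(mode, d) for d in dests}
```

Running `audit(Mode.SPLIT_TUNNEL_ON, [...])` over the destinations your users actually reach lists which of them leave through the local internet connection rather than the tunnel.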

Refer to Tutorial: Learn About the Levels of Security Afforded by the Use of Various Internet Access Options, for more information on the security levels.

When Split Tunnel is OFF, all internet traffic arrives at the WPC. The WPC needs a connected network to act as an Internet Gateway. The Network set as an Internet Gateway indicates to the WPC that traffic destined for the Internet can be routed to that network. Refer to Make a Network act as an Internet Gateway.

Multiple networks can serve as Internet Gateways. CloudConnexa will select the route to the Internet Gateway based on the Region that is being used by the source. For example, suppose you have connected two networks and marked them as Internet Gateways. One of your Internet Gateway Networks uses the San Jose Region, while the other uses Chicago. Internet traffic from a remote worker connected to Los Angeles will be routed via San Jose, and traffic from a remote worker connected to Ashburn, VA, will be routed via Chicago. The routing logic is not based on geographic proximity alone; it also considers network characteristics.

You can override the default routing of CloudConnexa by selecting specific Internet Gateways to route the internet traffic of User Groups, Networks, and Hosts. You can choose to do this for one or more of the reasons below:

  • Customize your company’s needs for Internet traffic control based on teams, departments, networks, and other criteria to make the Internet Gateway selection more deterministic.

  • Direct users, devices, and/or networks to unique Internet Gateways based on their bandwidth consumption for efficient load distribution.

  • Match needs with Internet Gateway capabilities by specifying Internet Gateway networks for specific user groups and networks based on different security controls (e.g., devices, operating systems).

You can select one or more Internet Gateways per User Group, Network, or Host using the Internet Access configuration. If multiple Internet Gateways are chosen or the Internet Gateway network has multiple Connectors, CloudConnexa's default smart routing algorithm will choose the optimal route among all the options available. To select specific Internet Gateways for User Groups, Networks, and Hosts, follow the steps below: