Tutorial: Use CloudConnexa for Secure Internet Access
This tutorial shows the generic steps to configure CloudConnexa to secure internet traffic.
Introduction
This guide takes you through the process of securing internet traffic for your workforce. You can set up secure access to the public internet as a whole or to specific public resources.
WPC Illustration
This illustration shows a high-level view of the concept of secure internet access. On the left, each User connects with the OpenVPN Connect app on their Device through a secure tunnel to the geographically closest CloudConnexa Region. In the middle-right, each Connector on your private Network that provides access to the internet establishes a secure tunnel between your Network and the geographically closest Region. You can then configure User Groups and routes to that private Network so that your workforce can securely access either specific public resources through CloudConnexa or the entire internet.
Setup
Set up your CloudConnexa account.
Access https://cloud.openvpn.com/ and sign up to give it a try with up to three free connections.
Create a Cloud ID that uniquely identifies your WPC; for example, myopenvpnID.openvpn.com. Your ID lets you administer your WPC Network and download the OpenVPN Connect Client and its configuration Profile. The Connect client can also directly import configuration profiles using your Cloud ID to get your User Devices connected to CloudConnexa.
In the CloudConnexa Administration portal, configure the private Network that you want to use to provide access to the internet via CloudConnexa.
Access the Networks section and add a new Network.
You can then choose to either:
Enable Egress to route all internet traffic through this Network,
Or leave Egress disabled and define your public resources by domain name or IP address.
For further information, refer to Domain Name as a Route, Internet Gateway, and Adding Internet Gateway.
Here is a detailed example of setting up a Network for Internet Gateway: HQ Network being used as Internet Gateway route.
Next, you must set up a Network Connector and make sure it’s online.
Deploy a Connector on your private Network. You can choose your operating system or compatible router and use the quick launch directly in the portal to deploy the Connector. For more information, refer to Connector Deployment User Guides.
For the User Groups, Networks, and Hosts whose internet traffic should all be routed through the Network (Egress is enabled), navigate to each of them and change Internet Access to Split-Tunnel OFF so that all their traffic is routed to CloudConnexa. For more information, refer to Split-Tunnel.
Connect your Users
You can manually create Users in the Users section of the CloudConnexa Administration portal. When you add Users to your account and include an email address, those Users automatically receive an email with instructions for downloading the OpenVPN Connect client and their connection Profile.
If you don’t include an email address when creating new Users, you’ll need to send those Users the User portal link, username, and temporary password using some other means.
If you set up SAML or LDAP authentication with CloudConnexa, you can let your workforce know that they can use their existing SAML or LDAP credentials to download the Connect app for their Devices and import a Profile using your unique Cloud ID URL.
Note
You can also configure User Groups, which enable you to set:
The Regions that Users are allowed to connect to.
The type of authentication needed to establish a connection.
The maximum number of Devices that can access the WPC simultaneously.
Split-tunneling on or off (routing public internet traffic).
Refer to these guides for more information:
Each User can then connect to CloudConnexa and reach all internet resources through your egress-enabled Network or specific subnets and domains through routes defined for the Network.
You also have the added option of configuring private services and Access Groups to enforce access controls.
Learn more about configuring access to services here: Cloud Services
For information on setting up Access Groups for those services, refer to: Cloud Access Groups
Note
Your access controls won’t be active until your WPC topology is set to Custom.
Tutorial: Block All Internet Traffic Except To Trusted Internet Destinations
Tutorial: Learn About the Levels of Security Afforded by the Use of Various Internet Access Options
Tutorial: Protect Your Users From Malware and Other Cyber Threats
Tutorial: Secure All Internet Traffic by Configuring a Private Network as an Internet Gateway
Tutorial: Use Multiple Geographically Distributed Internet Gateways to Improve Internet Performance
Tutorial: Steer Traffic To Specific Internet Destinations Through CloudConnexa