Define How Internet Traffic is Routed Using Your Wide-Area Private Cloud

Embed security and corporate policy enforcement into employee internet access.

Meet a Unique Array of Internet Traffic Control Needs

Your company needs to route user internet traffic to data centers for maximum Wi-Fi hotspot security, backhauling to on-prem or cloud-based UTM for security, and policy enforcement. Cloud Connexa, our cloud-based virtual networking platform that provides private networking but does not provide default internet access, lets you use an Internet Gateway with your Cloud Connexa wide-area private cloud (WPC) for internet access.


Tap into your WPC for customized internet traffic control

Cloud Connexa doesn’t just tunnel traffic to private resources on your connected networks; it also gives you unmatched control over internet-bound traffic routing by User Group, Network, or Host.

  • Level 1 Security: Split Tunnel ON

    For enhanced safety — and to use SaaS login restriction policies — steer traffic to specific trusted internet destinations into the tunnel using IP address ranges or domain names. Other internet traffic is not tunneled to your WPC and uses direct internet access. Cyber Shield content filtering blocks domains for added security even if traffic has direct internet access.

  • Level 2 Security: Split Tunnel OFF

    Tunnel all internet traffic from a connected network, application server, or remote user to one or more connected private networks acting as Cloud Connexa Internet Gateways. This ensures that all internet traffic is inspected for threats and uses third-party security solutions to apply corporate policies using 3rd party security solutions. IDS/IPS built into Cyber Shield can bolster or replace your current internet security stack.

  • Level 3 Security: Restricted Internet

    Enforce the strictest control by completely blocking internet access and limiting access to private and trusted internet destinations. This enhances cyber safety, restricts content, encrypts and tunnels traffic to trusted sites, reduces the need for additional security devices, and lets the public IP address range of the connected private network be used as a trusted source network in SaaS applications.


IDS is an acronym for Intrusion Detection System. Cloud Connexa uses Cyber Shield Traffic Filtering as an IDS to identify malicious or unsanctioned network activity. When Traffic Filtering Monitoring is turned ON, and traffic is routed through Cloud Connexa, Cyber Shield Traffic Monitoring passively inspects network traffic on a packet level and reports malicious traffic and network policy violations. Traffic Monitoring uses signature-based detection to compare malicious traffic against an ever-growing database.

IPS is an acronym for Intrusion Prevention System. Cloud Connexa Cyber Shield can also be used to prevent malicious or unsanctioned network activity. When Cyber Shield Traffic Monitoring is ON, and traffic is routed through Cloud Connexa, Traffic Filtering can be configured to stop malicious traffic and prevent network policy violations. To learn more on how to use Cyber Shield’s Traffic Filtering as an IPS, read Configuring Cyber Shield Traffic Filtering for Blocking Threats.

Yes — You can configure multiple Internet Gateways to route internet traffic. To learn more, read User Guide - VPN with multiple VPN Egress locations.

Split Tunnel is a configuration setting of the tunnel that connects the device to Cloud Connexa. It can be set to select what kind of traffic is sent through the tunnel. All traffic (even internet traffic) is sent through the tunnel when set to OFF. When set to ON, only specific traffic configured to be routed to Cloud Connexa enters the tunnel, and general internet traffic does not.

Yes, you can block access to specific domains. Blocking works regardless of whether the internet traffic is tunneled to the WPC or not. To do this, you must first turn Domain Filter Monitoring ON. Next, you’ll need to configure Cloud Connexa Domain Filtering and select the content categories that need to be blocked or use preset modes. To learn more about Domain Filtering, read Configuring Cyber Shield Domain Filtering | Cloud Connexa.

Internet security controls can be applied to User Groups, Networks, and Hosts. To learn how read Cloud Connexa Internet Access.

Cyber Shield content filtering is a feature of Domain Filtering that analyzes the domain names in DNS queries received from WPC clients only when domain filter monitoring is turned on. When Monitoring is active, Cyber Shield checks which content category each domain name being queried belongs in. If a domain name is matched to any of the 43 Cyber Shield Domain Filtering Categories that is configured to be blocked, the domain name is not resolved as expected and a “This site can’t be reached” page is displayed. Content can be blocked choosing any of those categories or by using 1 of 3 domain filtering preset modes:

  • Basic
  • Safe Browsing
  • High Productivity

Cyber Shield domain filtering can be configured from the Cloud Connexa administration portal in the Shield settings or through the Setup Wizard, by editing the Domain Filtering block categories. To learn how watch Domain Filtering Basic Configuration.

The internet security levels of Level 1, Level 2, and Level 3 can be configured from the Access > Internet navigation menu in Administration portal.

Get Started for Free

Cloud Connexa comes with three free connections, no credit card required.