Skip to content

Gateways

Instasafe ZTAA Gateways are the components which enforce the policies set by the controllers. They verify the client's entitlements before granting them access to the resources.An ZTAA Gateway needs to be provisioned at every datacenter i.e in the same network as the enterprise applications such as the application servers are accessible from the gateway.It is a lightweight software module that can be installed on a physical server/VM (which runs in the data center) or an instance ( in the cloud-hosted data center).

ZTAA provides different types of gateways designed for specific functionalities. This is to ensure that the organisation can provision one specific to their needs with minimun access requirements.

Different types of gateway present in ZTAA along with their utility is described in the table below.

Type of Gateway Description Concurrent Connections Support per gateway*
TCP Gateway Should be used when the objective is only to access web applications or syncing of users from active directory with retricted access to clipboard and screensharing. 1500 Users
RDP Gateway Should be used when the objective is to access an external machine (via RDP or ssh) remotely from InstaSafe ZTAA client with retricted access to clipboard and screensharing. NA
Network Gateway Should be used when access to private applications hosted in private server/data center or cloud. VPN profile needs to be set up prior to installing a VPN gateway. 1000 Users
Agentess Gateway Should be used when the admin wants to allow user access to application directly from any browser without the need to install an end user agent/client. 1500 Users

The data for Concurrent Connection support* has been obtained by simulations carried out internally. The actual number may vary depending upon use case, bandwith consumed by the user and RAM of the VM on which the gateway is running

In case the total number of Users exceed the mentioned amount, provisioning of additional gateways will be required to accomadate users exceeding capacity. For Example if 2000 users are to simultaneously access entriprise resources via ZTAA network gateway, 2 network gateway needs to be provisioned with 1000 users connecting via each gateway. *

Prerequisites

The company admin must ensure that the following prerequesites are met prior to installation of Instasafe ZTAA gateways. It is recommended to set up a backup InstaSafe Gateway,with the same configuration for the purpose of redundancy.

Virtual Machine Parameter Requirement
Operating System Ubuntu 18.04.2 LTS(server edition)
OS Type 64-bit
RAM Minimum 8 GB
Hard Disk Minimum 30GB of free space
CPU 2 x Dual Core processor (x64 based)

Network Parameter

The following ports should be opened for ZTAA gateways to function.

For TCP Gateways

Source Destination Port Direction
ANY TCP Gateway TCP 443 Inbound
Instasafe Gateways ANY (Private NetworkTCP80, TCP443-public internet) ANY Outbound

For RDP Gateways

Source Destination Port Direction
ANY TCP Gateway TCP 8080 Inbound
Instasafe Gateways ANY (Private NetworkTCP80, TCP443-public internet) ANY Outbound

For Network Gateways

Source Destination Port Direction
ANY Network Gateway UDP 443 Inbound
Instasafe Gateways ANY (Private NetworkTCP80, TCP443-public internet) ANY Outbound

Use case of gateways and applications list that are compatible with our gateways:

Gateways Supported Application
TCP Web applications
Network Web applications, SSH, RDP, File share, Network share, Android, iOS
RDP/SSH RDP, SSH, File share
Agentless Web applications

Please Note

1- InstaSafe ZTAA Gateways has inbuilt  firewall featurs and hence is equipped to 
handle incoming traffic from unknwon sources, even when the firewall allows traffic 
from any source.

2-If any proxy configuration is present , it must be ensured that direct connection 
from the firewall is allowed.