Skip to content

Gateways

Instasafe ZTAA Gateways are the components which enforce the policies set by the controllers. They verify the client's entitlements before granting them access to the resources.An ZTAA Gateway needs to be provisioned at every datacenter i.e in the same network as the enterprise applications such as the application servers are accessible from the gateway.It is a lightweight software module that can be installed on a physical server/VM (which runs in the data center) or an instance ( in the cloud-hosted data center).

ZTAA provides different types of gateways designed for specific functionalities. This is to ensure that the organisation can provision one specific to their needs with minimun access requirements.

Different types of gateway present in ZTAA along with their utility is described in the table below.

Type of Gateway
TCP Gateway Should be used when the objective is only to access web applications or syncing of users from active directory with retricted access to clipboard and screensharing.
RDP Gateway Should be used when the objective is to access an external machine (via RDP or ssh) remotely from InstaSafe ZTAA client with retricted access to clipboard and screensharing.
Network Gateway Should be used when access to private applications hosted in private server/data center or cloud. VPN profile needs to be set up prior to installing a VPN gateway.
Agentess Gateway Should be used when the admin wants to allow user access to application directly from any browser without the need to install an client.

Prerequisites

The company admin must ensure that the following prerequesites are met prior to installation of Instasafe ZTAA gateways. It is recommended to set up a backup InstaSafe Gateway,with the same configuration for the purpose of redundancy.

Virtual Machine Parameter Requirement
Operating System Ubuntu 18.04.2 LTS(server edition)
OS Type 64-bit
RAM Minimum 8 GB
Hard Disk Minimum 30GB of free space
CPU 2 x Dual Core processor (x64 based)

Network Parameter

The following ports should be opened for ZTAA gateways to function.

For TCP Gateways

Source Destination Port Direction
ANY TCP Gateway TCP 443 Inbound
Instasafe Gateways ANY (Private NetworkTCP80, TCP443-public internet) ANY Outbound

For RDP Gateways

Source Destination Port Direction
ANY TCP Gateway TCP 8080 Inbound
Instasafe Gateways ANY (Private NetworkTCP80, TCP443-public internet) ANY Outbound

For Network Gateways

Source Destination Port Direction
ANY Network Gateway UDP 443 Inbound
Instasafe Gateways ANY (Private NetworkTCP80, TCP443-public internet) ANY Outbound

Please Note

1- InstaSafe ZTAA Gateways has inbuilt  firewall featurs and hence is equipped to 
handle incoming traffic from unknwon sources, even when the firewall allows traffic 
from any source.

2-If any proxy configuration is present , it must be ensured that direct connection 
from the firewall is allowed.