
Gateways

InstaSafe ZTAA Gateways are the components that enforce the policies set by the controllers. They verify the client's entitlements before granting access to the resources. A ZTAA Gateway needs to be provisioned at every data center, i.e. in the same network as the enterprise applications, so that the application servers are accessible from the gateway. It is a lightweight software module that can be installed on a physical server/VM (which runs in the data center) or an instance (in a cloud-hosted data center).

ZTAA provides different types of gateways designed for specific functionalities. This ensures that the organisation can provision the one specific to its needs, with minimum access requirements.

The different types of gateway available in ZTAA, along with their utility, are described in the table below.

| Type of Gateway | Description | Concurrent Connections Support per gateway* |
|---|---|---|
| TCP Gateway | Should be used when the objective is only to access web applications or to sync users from Active Directory, with restricted access to clipboard and screen sharing. | 1500 Users |
| RDP Gateway | Should be used when the objective is to access an external machine (via RDP or SSH) remotely from the InstaSafe ZTAA client, with restricted access to clipboard and screen sharing. | NA |
| Network Gateway | Should be used when access is needed to private applications hosted in a private server/data center or cloud. A VPN profile needs to be set up prior to installing a VPN gateway. | 1000 Users |
| Agentless Gateway | Should be used when the admin wants to allow users to access applications directly from any browser, without the need to install an end-user agent/client. | 1500 Users |
| Unified Gateway | A single gateway which will secure the access of VPN, TCP, RDP/SSH & Agentless applications. | 1500 Users |

The data for Concurrent Connections Support* has been obtained from simulations carried out internally. The actual number may vary depending on the use case, the bandwidth consumed by the user and the RAM of the VM on which the gateway is running.

If the total number of users exceeds the mentioned amount, additional gateways must be provisioned to accommodate the users exceeding capacity. For example, if 2000 users are to simultaneously access enterprise resources via the ZTAA network gateway, 2 network gateways need to be provisioned, with 1000 users connecting via each gateway.

Prerequisites

The company admin must ensure that the following prerequisites are met prior to installation of InstaSafe ZTAA gateways. It is recommended to set up a backup InstaSafe Gateway with the same configuration for redundancy.

| Virtual Machine Parameter | Requirement |
|---|---|
| Operating System | Ubuntu 22.04.2 LTS (server edition) |
| OS Type | 64-bit |
| RAM | Minimum 8 GB |
| Hard Disk | Minimum 30 GB of free space |
| CPU | Minimum 4-core CPU |
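
A pre-install check of a VM against the requirements above, as an added example (not InstaSafe's own tooling). The function names, the 5% RAM allowance and the choice of the root filesystem for the free-space check are assumptions of this example.

```shell
# Added example: pre-install check against the VM requirements table.
# Assumptions (not vendor figures): a 5% RAM allowance, because the kernel
# reports a MemTotal slightly below what the VM is assigned, and free space
# measured on the root filesystem.

MIN_RAM_KB=$((8 * 1024 * 1024 * 95 / 100))   # 8 GB minus the 5% allowance
MIN_DISK_KB=$((30 * 1024 * 1024))            # 30 GB free
MIN_CPUS=4

# check_vm OS_ID VERSION_ID BITS MEM_KB FREE_KB CPUS
# Prints one FAIL line per unmet requirement; returns 1 if any is unmet.
check_vm() {
    fail=0
    case "$1:$2" in
        ubuntu:22.04*) ;;
        *) echo "FAIL os: need Ubuntu 22.04 LTS, found $1 $2"; fail=1 ;;
    esac
    [ "$3" -eq 64 ] || { echo "FAIL os type: need 64-bit, found $3-bit"; fail=1; }
    [ "$4" -ge "$MIN_RAM_KB" ] || { echo "FAIL ram: $4 kB < $MIN_RAM_KB kB"; fail=1; }
    [ "$5" -ge "$MIN_DISK_KB" ] || { echo "FAIL disk: $5 kB free < $MIN_DISK_KB kB"; fail=1; }
    [ "$6" -ge "$MIN_CPUS" ] || { echo "FAIL cpu: $6 cores < $MIN_CPUS"; fail=1; }
    return "$fail"
}

# Gather the live values on the target VM. The subshell body keeps the
# variables defined by /etc/os-release out of the caller's environment.
check_this_host() (
    . /etc/os-release
    check_vm "$ID" "$VERSION_ID" "$(getconf LONG_BIT)" \
        "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" \
        "$(df -Pk / | awk 'NR == 2 {print $4}')" \
        "$(nproc)"
)

# Run the live check only when asked, e.g.  sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    check_this_host && echo "OK: VM meets the documented minimums"
fi
```

The script does not verify that the install is the server edition; confirm that separately.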

Network Parameter

The following ports should be opened for ZTAA gateways to function.

For TCP Gateways

| Source | Destination | Port | Direction |
|---|---|---|---|
| ANY | TCP Gateway | TCP 443 | Inbound |
| Instasafe Gateways | ANY (Private Network TCP 80, TCP 443-public internet) | ANY | Outbound |

For RDP Gateways

| Source | Destination | Port | Direction |
|---|---|---|---|
| ANY | RDP Gateway | TCP 8080 | Inbound |
| Instasafe Gateways | ANY (Private Network TCP 80, TCP 443-public internet) | ANY | Outbound |

For Network Gateways

| Source | Destination | Port | Direction |
|---|---|---|---|
| ANY | Network Gateway | UDP 443 | Inbound |
| Instasafe Gateways | ANY (Private Network TCP 80, TCP 443-public internet) | ANY | Outbound |

For Unified Gateway

| Source | Application Type | Port | Direction |
|---|---|---|---|
| any | Network | UDP 8443 | Inbound |
| any | RDP & SSH | TCP 8080 | Inbound |
| any | Web applications (Agentless) | TCP 443 | Inbound |
| any | Web applications (via Agent) | TCP 8081 | Inbound |
| InstaSafe Gateways | any (private/public internet) | any | Outbound |
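
To audit a gateway host's exposure against the inbound ports documented above, the following added example (not part of the InstaSafe product) compares `ss -H -tuln` output with the documented set for a gateway type. The function names and the sample socket listing are constructed for illustration. A MISSING finding may simply mean that application type is not configured, and an UNDOCUMENTED one (for example an SSH management port) is a prompt for review.

```shell
# Added example: compare listening sockets with the documented inbound ports.

# expected_ports TYPE -> documented inbound proto/port pairs for that gateway
expected_ports() {
    case "$1" in
        tcp)     echo "tcp/443" ;;
        rdp)     echo "tcp/8080" ;;
        network) echo "udp/443" ;;
        unified) echo "udp/8443 tcp/8080 tcp/443 tcp/8081" ;;
        *)       return 1 ;;
    esac
}

# audit_listeners TYPE  (reads `ss -H -tuln` output on stdin)
# Prints UNDOCUMENTED for non-loopback listeners outside the documented set
# and MISSING for documented ports with no listener; returns 1 on any finding.
audit_listeners() {
    want=$(expected_ports "$1") || { echo "unknown gateway type: $1" >&2; return 2; }
    awk -v want="$want" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) seen[w[i]] = 0 }
        {
            addr = $5; port = $5
            sub(/.*:/, "", port)        # text after the last colon
            sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            key = $1 "/" port
            if (key in seen) seen[key] = 1
            else { print "UNDOCUMENTED " key " on " addr; bad = 1 }
        }
        END {
            for (k in seen) if (!seen[k]) { print "MISSING " k; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample in `ss -H -tuln` column layout (not captured from a gateway).
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0 0      0.0.0.0:8443     0.0.0.0:*
udp   UNCONN 0 0      127.0.0.53%lo:53 0.0.0.0:*
tcp   LISTEN 0 4096   0.0.0.0:443      0.0.0.0:*
tcp   LISTEN 0 4096   0.0.0.0:8080     0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0 80     [::]:3306        [::]:*
EOF
}
# On a gateway host: ss -H -tuln | audit_listeners unified
sample_ss_output | audit_listeners unified || true
```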

Gateway use cases and the applications compatible with each gateway:

| Gateways | Supported Application |
|---|---|
| TCP | Web applications |
| Network | Web applications, SSH, RDP, File share, Network share |
| RDP/SSH | RDP, SSH, File share |
| Agentless | Web applications |
| Unified | Web applications, SSH, RDP, File share, Network share |

Unified Gateway

To reduce the operational cost and maintenance overhead of running separate instances for the VPN, TCP, RDP/SSH & Agentless gateways, all the gateways have been bundled together as a single entity. Named the Unified Gateway, this single gateway secures access to VPN, TCP, RDP/SSH & Agentless applications.

Benefits:

  • Reduced hardware cost, with no need for separate instances for the VPN, TCP, RDP/SSH & Agentless gateways.

  • Feature and performance upgrades are performed on a single gateway instead of on each of the VPN, TCP, RDP/SSH & Agentless gateways.

  • Applications are configured in a single gateway instead of in the individual gateways.

  • The Unified Gateway supports both IPv4 & IPv6 network and web applications in dual-stack mode.

Please Note

1. InstaSafe ZTAA Gateways have built-in firewall features and hence are equipped to handle incoming traffic from unknown sources, even when the firewall allows traffic from any source.

2. If any proxy configuration is present, it must be ensured that direct connection from the firewall is allowed.
