
Overview

Enclave Gateway allows you to provide:

  1. Safe access to on-premise devices that can't run Enclave, like printers and webcams
  2. IP whitelisted and conditional access to SaaS platforms like Office 365 and SharePoint
  3. DNS filtering of Internet traffic to remove ads and help protect against threats like malware

Enclave Gateway

1. Access to the LAN

Enclave is designed to be installed directly onto every client, server, cloud instance, virtual machine, container, mobile phone and workstation in your organisation. That way, Enclave can provide peer-to-peer connections between users and resources without VPN servers, while also applying Zero Trust Network Access controls at the edge to enforce policy and end-to-end encryption.

However, in some situations, you can’t or might not want to install Enclave on all devices or systems:

  • On domain controllers where two or more network interfaces can be problematic
  • On networks where the physical infrastructure is not allowed to be changed
  • On embedded systems, like firewalls, webcams or printers which prohibit external software
  • When accessing legacy systems which are too old to run the agent, or are incompatible with it
  • When accessing cloud native services like AWS RDS, which don't run third party software
  • With large numbers of devices in a single subnet, like a single AWS VPC

In these cases, you can set up an Enclave Gateway to provide access to devices and systems which don't, or can't, run Enclave.

Enclave Gateway allows you to route traffic from systems running Enclave to systems and devices not running Enclave (like RDS databases, webcams, printers and IoT sensors) in subnets the Enclave Gateway can reach.

2. Access to SaaS platforms

Enclave Gateway can also be used as a trusted pathway to reach common SaaS and cloud platforms like Office 365, Azure, AWS, Google and Salesforce with IP-based whitelisted access.

When all traffic for one or more selected SaaS platforms is routed via an Enclave Gateway on a static IP address, those platforms can be configured to restrict access to customer accounts by whitelisting that known static IP address. When used with identity providers like Azure, Enclave Gateway can also be combined with conditional access policies to add further security controls.

3. Access to the public Internet

Enclave Gateway can also be used to route all traffic out to the public Internet through fixed network locations, enabling customers to ensure network traffic egresses via points of presence under their regulatory control before it reaches the public Internet.

This can be useful in a number of scenarios, for example when remote users are working in other geographies, or to force the use of a single static public IP address for all users.

Enclave Gateway optionally includes the open source Pi-hole project, making it simple to deploy DNS filtering that removes ads, bolsters protection against malware and other online threats, and stops users from viewing inappropriate or undesirable content, such as streaming or adult websites.


Last updated Oct 8, 2024