Overview
Create an Endpoint
To get started with creating your Endpoint, navigate to Network Settings → Manage Endpoints. From there, click the blue plus-sign in the upper right-hand corner to create a new Endpoint.
On the 'Create a New Endpoint' screen, you'll see fields for a name and attributes, along with a registration key to download. A unique name is needed to create an Endpoint. Next, either select from your list of already created attributes, or create a new one. If you have endpoint attributes already created, you'll need to click on the field to populate the list of attributes to choose from. When creating a new one, hit 'return' or 'enter' to populate the attribute.
Once you've filled in all fields, click 'create' and you'll be brought to a new screen like this.
If you have chosen to use Tunneler for this endpoint, follow these instructions to enroll Tunneler as your endpoint; once enrolled, your endpoint will show up as 'Enrolled'. For your endpoint to function properly, your Edge Router must be provisioned. You can check this status on the Manage Edge Routers page, under the 'Type' column, which shows 'Provisioned', 'Provisioning', 'New', or 'Deleting'. Provisioning can take a few minutes, but once it has completed, your endpoints, services, AppWANs, etc. should function as expected.
With your endpoint created you may wish to go ahead to Create and Manage Edge Routers.
Manage Your Endpoints
To manage your existing Endpoint, navigate to Manage Endpoints. You can click on an Endpoint row to edit it or use the context menu at the end of each row to take actions on the individual Endpoint. Use the select bubbles in the first column of the table to select multiple endpoints for bulk delete.
When editing an existing endpoint, the screen will look the same as the 'Create a New Endpoint' screen, except that you'll click 'Update' to finish editing your Endpoint, instead of create.
Firewall Requirements
Here's a direct link to the main article about firewall requirements.
Endpoints must be able to reach the predictable Network controller IP and at least one (typically) unpredictable Edge Router IP on a predictable TCP port: 443. Predictable IPs are listed in the NetFoundry web console when you click on "Firewall requirements" for a particular Network when viewing "Manage Networks". Your Endpoints must be able to dial outbound to the internet on 443/tcp.
- An Endpoint will dial outbound to the Network's dedicated Controller on 443/tcp. This destination IP is predictable.
- An Endpoint will dial outbound to the Network's Edge Routers that are configured for that Endpoint through Edge Router Policies on 443/tcp. These IPs are not typically predictable.
It is possible, but typically neither necessary for security nor expedient, to write a firewall ruleset that severely limits outgoing traffic to expected destination IPs only, i.e. an "outgoing IP whitelist". If you need to ensure that outbound traffic flows only to predictable destinations, please inquire about customer-hosted Edge Routers, which are VMs you run inside your security perimeter and for which outbound access is granted. In that scenario, Endpoints are configured to connect only to your authorized points of egress.
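The reachability rule above (the Controller plus at least one Edge Router, both on 443/tcp) can be checked from an Endpoint host before enrollment. The script below is an added example, not NetFoundry code; the function names are hypothetical and the addresses are documentation placeholders to be replaced with the values shown under "Firewall requirements" for your Network.

```python
import socket

TUNNEL_PORT = 443  # the predictable TCP port named on this page


def can_dial(host, port=TUNNEL_PORT, timeout=3.0):
    """Return (ok, detail) for one outbound TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.timeout:
        # No answer at all usually means a firewall silently dropped the SYN.
        return False, "timed out (packets likely dropped by a firewall)"
    except ConnectionRefusedError:
        return False, "refused (host reached, port closed or rejected)"
    except OSError as exc:
        return False, f"failed: {exc}"


def egress_ready(controller, edge_routers, timeout=3.0):
    """Apply the page's rule: Controller AND at least one Edge Router reachable.

    controller is a (host, port) tuple; edge_routers is a list of such tuples.
    Returns (ready, report), where report maps "host:port" to (ok, detail).
    """
    report = {}
    for host, port in [controller, *edge_routers]:
        report[f"{host}:{port}"] = can_dial(host, port, timeout)
    ctrl_ok = report[f"{controller[0]}:{controller[1]}"][0]
    er_ok = any(report[f"{h}:{p}"][0] for h, p in edge_routers)
    return ctrl_ok and er_ok, report


if __name__ == "__main__":
    # Placeholder addresses from TEST-NET-1 (assumption, not real NetFoundry IPs).
    ready, report = egress_ready(("192.0.2.10", TUNNEL_PORT),
                                 [("192.0.2.20", TUNNEL_PORT)], timeout=2.0)
    for target, (ok, detail) in report.items():
        print(f"{'OK  ' if ok else 'FAIL'} {target} {detail}")
    raise SystemExit(0 if ready else 1)
```

A timeout and a refusal point to different causes, so the report keeps them separate: a timeout suggests egress filtering on the path, while a refusal means the destination was reached.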