Overview
To get started with creating your Endpoint, navigate to Network Settings → Endpoints. From there, click the blue plus sign in the upper right-hand corner to create a new Endpoint.
On the 'Create a New Endpoint' screen, you'll see fields for a name and attributes, along with a registration key to download. A unique name is needed to create an Endpoint. Next, either select from your list of already created attributes, or create a new one. If you have endpoint attributes already created, you'll need to click on the field to populate the list of attributes to choose from. When creating a new one, hit 'return' or 'enter' to populate the attribute.
Endpoint Name: Assign the endpoint a name
Endpoint Attribute: Select an existing Attribute or create a new one
Authorization Policy:
- Select the Policy, if none is selected the default policy will be applied.
- Optionally add an external ID to coordinate with the Authentication Policy or JWT Signer requirements.
Once you've filled in all fields, click 'create' and you'll be brought to a new screen like this.
This key will be needed to add your identity to the endpoint. Based on the type of endpoint you are using, follow the instructions in the installation guides to add the identity and register your endpoint to the network.
Once registered, your endpoint will show in "green" on the console. When the endpoint is offline, it will show in "red". For an unregistered endpoint, the registration status will show as unregistered in the console. Note that the registration token is valid for a period of 48 hours from the time of endpoint creation.
You can also create endpoints with our "network as code" feature via JSON or YAML. Learn more here.
For your endpoint to be able to dial to the fabric, your Edge Router must be provisioned. With your endpoint created, you may wish to go ahead to Create and Manage Edge Routers.
Manage Your Endpoints
To manage your existing Endpoint, navigate to Manage Endpoints. You can click on an Endpoint row to edit it or use the context menu at the end of each row to take actions on the individual Endpoint. Use the select bubbles in the first column of the table to select multiple endpoints for bulk delete.
Edit - You can edit the endpoint name or attributes.
Re-issue token - If the endpoint is not registered within 48 hours of token issue and the token has expired, you can always reissue the key from the console.
Share - You can share the registration key via e-mail with the user or whoever you intend to have register the endpoint.
Visualize - You can visualize the path your endpoint has via the fabric to a service, and whether or not the path is broken.
Firewall Requirements
Here's a direct link to the main article about firewall requirements.
Endpoints must be able to reach the predictable Network controller IP and at least one (typically) unpredictable Edge Router IP on a predictable TCP port: 443. Predictable IPs are listed in the NetFoundry web console when you click on "Firewall requirements" for a particular Network when viewing "Manage Networks". Your Endpoints must be able to dial outbound to the internet on 443/tcp.
- An Endpoint will dial outbound to the Network's dedicated Controller on 443/tcp. This destination IP is predictable.
- An Endpoint will dial outbound to the Network's Edge Routers that are configured for that Endpoint through Edge Router Policies on 443/tcp. These IPs are not typically predictable.
It is possible, but not typically necessary for security and not expedient, to write a firewall ruleset that severely limits outgoing traffic to only the expected destination IPs (an "outgoing IP whitelist"). If you find yourself looking for a way to ensure that outbound traffic flows only to predictable destinations, please inquire about customer-hosted Edge Routers, which are VMs you run inside your security perimeter and for which outbound access is granted. In that scenario, Endpoints are configured to connect only to your authorized points of egress.
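Before registering an endpoint behind a restrictive egress firewall, it is worth confirming that the host can actually complete a TCP connection on 443 to the Controller and to at least one Edge Router. The script below is an added example written for this article, not NetFoundry's own tooling: it takes a list of (role, host, port) destinations you copy from the "Firewall requirements" view, tests each one with a plain TCP connect (handshake only, no authentication), and reports whether the two conditions above are met. The controller and edge router hostnames in the demo are placeholders you must replace with your Network's real values; the local listener exists only so the example runs offline.

```python
import socket
from typing import Iterable, List, Tuple

# Port the Endpoint dials outbound to the Controller and Edge Routers (from the article).
REQUIRED_PORT = 443


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port completes within `timeout` seconds.

    A successful result only proves the three-way handshake went through the
    firewall; it says nothing about the identity or registration token.
    DNS failures, refusals and timeouts are all OSError subclasses -> False.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_required_destinations(
    destinations: Iterable[Tuple[str, str, int]], timeout: float = 3.0
) -> List[dict]:
    """Probe every (role, host, port) tuple and record the outcome per destination."""
    results = []
    for role, host, port in destinations:
        results.append(
            {"role": role, "host": host, "port": port,
             "reachable": tcp_reachable(host, port, timeout)}
        )
    return results


def summarize(results: List[dict]) -> Tuple[bool, bool]:
    """Return (controller_ok, edge_router_ok).

    The Endpoint needs the single predictable Controller IP AND at least one of
    the Edge Routers assigned to it by Edge Router Policy, so the verdict is
    'controller reachable' and 'any edge router reachable'.
    """
    controller_ok = any(r["reachable"] for r in results if r["role"] == "controller")
    edge_router_ok = any(r["reachable"] for r in results if r["role"] == "edge-router")
    return controller_ok, edge_router_ok


# --- helpers that let the example run with no network access ---------------

def start_local_listener() -> Tuple[socket.socket, int]:
    """Open a listening socket on 127.0.0.1 with a kernel-chosen port (constructed test target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def closed_local_port() -> int:
    """Reserve and immediately release a local port so a connect to it is refused."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    # Replace these placeholders with the values shown under "Firewall requirements"
    # for your Network in the NetFoundry console.
    real_targets = [
        ("controller", "controller.example.invalid", REQUIRED_PORT),   # placeholder
        ("edge-router", "edge-router-1.example.invalid", REQUIRED_PORT),  # placeholder
    ]

    # Offline demonstration: one open local port stands in for the Controller,
    # one closed local port stands in for an unreachable Edge Router.
    srv, open_port = start_local_listener()
    demo_targets = [
        ("controller", "127.0.0.1", open_port),
        ("edge-router", "127.0.0.1", closed_local_port()),
    ]
    for r in check_required_destinations(demo_targets, timeout=2.0):
        print(f"{r['role']:<12} {r['host']}:{r['port']}  reachable={r['reachable']}")
    controller_ok, edge_router_ok = summarize(check_required_destinations(demo_targets, 2.0))
    print(f"controller_ok={controller_ok} edge_router_ok={edge_router_ok}")
    srv.close()
```

Run it on the host that will become the Endpoint, from the network segment it will actually use; a `reachable=False` for the controller means the egress rule for 443/tcp is missing, while `False` for every edge router (with the controller reachable) points at the Edge Router Policy or the unpredictable router IPs not being allowed through.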