Introduction
Dual LAN/ WAN network interface version of Exium’s Cyber Gateway supports Firewall replacement (or overlay) and Zero-Trust Secure Private Access (SPA) use cases.
Deployment Instructions
Pre-requisites
- Create a Workspace, if not already done
- Create a user group in the Workspace admin console that requires secure private access (if different from admin)
- Add more users to the user group created, as and if needed.
- Create CGW and add Trust Paths in the Workspace admin console. (Please see next section for details)
- Associate the user group with the Trust Path created
Steps to Add Cyber Gateway (CGW) in admin console
Click on “Add gateway” in Gateway section
Select Gateway Type as “LAN/WAN Interface”. Fill in the details and create Gateway, followed by Trustpath.
Subnet – Please enter LAN subnet ( i.e. 192.168.57.0/24). This will be added Trustpath automatically to Gateway, so no need to add this as Trustpath again.
DHCP (Yes/No) – Please select ‘Yes’ if DHCP server to be started with CGW
HA (Yes/No) – Please select ‘Yes’ if CGW to be deployed in High Availability mode. 2 Ubuntu VMs or Orange Pi boxes needed for HA setup.
SIA via Mesh – Please select ‘Yes’ if all traffic routed via Cybermesh. Traffic routing via mesh is not needed for most of the deployments as CGW provides required Firewall and security functions.
VLAN enabled – Please select ‘Yes” if CGW needs support VLAN
Steps to Install Cyber Gateway (CGW)
- Login to Ubuntu VM or OrangePi R1 Plus LTS box ( After login, run “sudo -s” to change to root. Root privileges are needed to deploy CGW)
- Copy Single click installation command from admin console as shown below
Click on icon as show below to copy script to clipboard
- Login to VM/OrangePi box
- type “sudo -s” to switch to root
- Paste the command copied from admin console in VM/Pi box shell
- This will install all necessary packages for CGW. While installation is in progress, you will be asked to select LAN, WAN Interfaces as shown below
- On UbunVM, Once installation is done VM will reboot. This is needed to make sure all installations comes in effect.
- On OrangePi boxes, Once installation is done, it will connect automatically ( without rebooting)
- After reboot, Please give 2 ~3 mis for CGW restart and connect. You can check status of CGW by executing following command to check status
- In rare cases where CGW does not come up, You can run following to start CGW
cgw start
This command will bring up the CGW and once that is done, it show status. You can see connected status on admin console on Gateways section.
DHCP configuration:
DHCP Server will be started and enabled when ./start-cgw.sh is invoked. You can verify the DHCP configuration by accessing DHCP server.
access DHCP server at http://x.x.x.x:8080/#dhcp. (You can use WAN IP to access this, x.x.xx: replace with WAN IP). You can edit configuration and enable DHCP on LAN as shown below if needed.
save DHCP configuration
Device connectivity
Once DHCP server is up, devices can get IPs from CGW – DHCP server
CGW UI
Access CGW UI at http://LAN_Gateway_IP/. DNS Server , Webmin will have default login/password. You can see them by clicking on “Credentials” highlighted in Home Page screenshot.
CGW cli commands:
Please type “cgw help” from Linux shell to see all CGW CLI commands
Recommended Hardware:
Cyber gateway can be deployed in a VM on Proxmox, KVM, VMWare, Hyper-V or any other hypervisor. For on-prem deployments where there is no existing hardware to run a VM, we recommend below hardware: