Has anyone modeled corporate VPN?

  • 9 January 2024
  • 2 replies

Userlevel 2

Hey Folks!

I’m looking to find out if anyone has modeled their corporate VPN access - maybe using Synthetic Devices - in such a way that allows you to search for user workflows to determine if they are allowed, and have them properly modeled as coming in through the VPN Firewall instead of at the switch VLAN. We are looking to create intent checks for access through our VPN.


Happy NQEing!

2 replies

Hi @BDrinkard, this sounds like something that would work using a synthetic Intranet node . For clarification, is this for site-to-site VPN or client-to-site VPN? Thanks

@BDrinkard for a client-to-site VPN, you can also use an Edge node to represent the pool of client addresses. One benefit of an Edge node over an Intranet node is that path queries can use either the node name or any address in its network as the entry point using the from keyword. For example, if you create an Edge node for network, you can build a query using “from ...” or “from vpn-edge-node ...”, which would start from the Edge node. If using an Intranet node, you can only use its “self” interface to source traffic from it: “from intranet self ...”.