
Hey Folks!

I’m looking to find out if anyone has modeled their corporate VPN access - maybe using Synthetic Devices - in such a way that allows you to search for user workflows to determine if they are allowed, and have them properly modeled as coming in through the VPN Firewall instead of at the switch VLAN. We are looking to create intent checks for access through our VPN.


Happy NQEing!

Hi @BDrinkard, this sounds like something that would work using a synthetic Intranet node. For clarification, is this for site-to-site VPN or client-to-site VPN? Thanks


@BDrinkard for a client-to-site VPN, you can also use an Edge node to represent the pool of client addresses. One benefit of an Edge node over an Intranet node is that path queries can use either the node name or any address in its network as the entry point using the from keyword. For example, if you create an Edge node for network 10.0.0.0/24, you can build a query using “from 10.0.0.2 ...” or “from vpn-edge-node ...”, which would start from the Edge node. If using an Intranet node, you can only use its “self” interface to source traffic from it: “from intranet self ...”.

