Secure Connectivity with Znode Network

TABLE OF CONTENTS

Introduction

This document helps Znode customers/partners to securely connect their internal server (eg: ERP)  to the hosted Znode server.  This is an alternative to establishing a permanent tunnel between the two networks. This approach provides a secure way to connect the two servers without exposing the complete network to the other party, thereby mitigating any security risks.

Detailed guidelines for connectivity

Follow the below steps to establish a secure connection between Znode and the customer/partner internal server.

  1. A public IP needs to be mapped to the local  IP address (eg: ERP server IP). This step needs to be performed only if the internal server is not in the public domain. 
  2. Whitelist the Znode application server’s IP in the customer/partner firewall. This enhances security and allows internet traffic only from these IPs.
  3. Point your domain (URL) using your public IP on your domain service portal (Like Go-Daddy or others).
    Note: This is an optional step
  4. Please see the connectivity diagram for more understanding.

     

Address Mapping

The traffic has to be forwarded to the respective internal server, in which URLs are hosted.


To map the IP address follow the below-mentioned two steps:

  1. Bridging of public and private IP addresses. 
  2. Bridging of ports with public and private IP addresses.

This makes a bridge between the public and the local server at the firewall (Mapping of Public IP with local URLs). Ports allowed here are the open ports, from which the request or traffic is allowed within the firewall, all other ports will be in a blocked state.


Bridging of public and private IP addresses. 

Below is the example screenshot with allowed traffic to local server IP addresses. This screenshot can differ depending on the firewall.



Bridging of ports with public and private IP addresses.

Once the above steps are completed, traffic flows from the defined port. Other ports will be in a block state. 


Example: If the setting is tweaked to keep ports 80 and 443 open then traffic will be allowed to flow from 80 and 433 ports only. Custom and Non-standard ports can also be used. (Like 810)


In the same way, all the ports need to be forwarded which are used by the internal server. Below is the example screenshot for the same.



Whitelisting IP 

Here the whitelisting of IPs within the firewall will be performed.


Prerequisite :

Znode Application IPs: Znode will provide the IPs to be whitelisted. Once the IPs are received from Znode, please perform the below procedure.

Whitelist the IP in the Firewall

The Below setting should be made at the Customer/Partner end.

  1. In the below dashboard, give the name of to host group that needs to be allowed 
  2. In the list of IPs, add IPs, that want to be whitelisted in the firewall.
  3. Select IP Host Group or Single IP from the dropdown.
  4. Press OK, now the mentioned IPs will get whitelisted in the firewall

IP routing Policy

Allow traffic only through whitelisted  IPs/IP Host Group from the firewall. In this way only whitelisted IPs will be able to access the ERP URLs. Below is the example with the screenshot for your reference.



URL Pointing Publicly  (Optional)

If the internally hosted domain needs to be accessed then the domain needs to be pointed to the firewalls IP or Virtual IP.  

Domain Pointing

  1. Suppose the URL for the application (eg: ERP) is erp.yyxx.com.
  2. Log in to the DNS panel and make an “A” entry which will point to the firewall IP.
  3. Below is the example with a screenshot.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.