- Add or Replace a Signed Certificate on an Airwall Gateway for Conductor Communication
By default, Airwall Gateways come with a Tempered factory-installed certificate. You can add your own custom CA certificate to use for Conductor communication.
- Set up Port Groups on an Airwall Gateway
The default port groups work for some deployments. You may need to set up underlay or overlay port groups if your deployment requires it.
- Seamless Bypass
Seamless Bypass lets you split-tunnel the traffic going through your Airwall Gateway: you selectively encrypt and tunnel some traffic, while allowing other traffic to pass through the Airwall Gateway unchanged. This ability also allows protected devices to securely communicate with devices or network locations that are not protected by Airwall Edge Services.
- Backhaul Bypass
Set up backhaul bypass to allow any v3.0 or later Airwall Gateway to reach bypass destinations by tunneling traffic using designated bypass egress Airwall Gateways.
- Enable DNS lookup for bypass destinations
If you want or need to use a fully-qualified domain name (FQDN) when specifying a bypass destination, you can enable DNS lookup for bypass. An FQDN may be necessary if the bypass destination IP is not static.
- Airwall Edge Service High Availability (HA)
High Availability (HA) Airwall Gateways provide hardware redundancy in a hot-standby mode. Airwall Gateways installed in an HA configuration maintain a heartbeat on a dedicated Ethernet link, and only the current primary participates in overlay network communications. If the primary fails to send heartbeat messages to the secondary, the secondary takes over overlay network communications for the HA pair.
- One-arm mode
You can configure an Airwall Gateway to use a single network connection in cases where you want to prevent common routing errors caused by multiple interfaces.
- Network address translation (NAT)
Network Address Translation (NAT) translates an IP address in one network to a different IP address in another network. The two IP addresses are referred to as the External IP address and the Internal IP address. The External IP address is the IP address of the device in the overlay network and the Internal IP address is the actual IP address of the device.
- Encryption and tunnel compression on an Airwall Gateway
You can change the encryption or compression of Airwall Gateways.
- Protected devices with static routing
You can configure static routing for protected devices with IP addresses not directly connected to an Airwall Gateway.
- Protected devices with DHCP
If you have protected devices that use DHCP to obtain an IP address, you need to configure DHCP on the Airwall Gateway that protects that device.
- DHCP relay on an Airwall Gateway
If you have protected devices that use DHCP to obtain an IP address, you can configure the Airwall Gateway to relay the DHCP address to your DHCP server.
- Port Filtering on an Airwall Gateway
Each Airwall Gateway has a Stateful Packet Inspection (SPI) port filter that can be configured in the Conductor. Communications from remote devices behind remote Airwall Gateways are incoming connections. When the Airwall Gateway firewall is enabled, all incoming communications from remote Airwall Gateways are blocked by default, unless they are related to an already established session from a local device behind the local Airwall Gateway.
- Limit Device Traffic on an Airwall Gateway with Port Filtering
You can use Airwall Gateway port filtering to limit what traffic can pass over an Overlay based on TCP/UDP ports. With port filtering enabled, all communication from remote to local devices is disabled, and you create custom rules to tell the local Airwall Gateway what to allow as incoming connections to local devices.
- Spanning Tree Protocol on the Overlay Network