Terms and Definitions

active

The Conductor or Airwall Gateway that is set to be used by default in a high-availability configuration. Also called primary or master.

Airshell

A command-line interface that allows you to deploy and configure Airwall Gateways. See Airshell Command Line.

Airwall Agent

Software that runs on a laptop or mobile device that allows that device to connect securely to resources on an Airwall secure network according to trust policies set up by an administrator of an Airwall Conductor.

Airwall Edge Service

A term that refers to all of the hardware and software that manages trust policies on an Airwall secure network, including Airwall Agents and Servers, Airwall Gateways, and Airwall Relays.

Airwall Gateway

A physical, virtual, or cloud gateway that protects the devices connected to it, and manages the devices' communication according to the trust policies set up by an administrator of an Airwall Conductor.

Physical Airwall Gateways, depending on the model, can have built-in Ethernet, Wi-Fi, and Cellular (2G, 3G, 4G LTE modems), as well as Serial-over IP for the flexible link connectivity options. You can also deploy virtual and cloud Airwall Gateways.

Airwall Invitation

Airwall Invitations provide a simpler way to add people’s mobile phones, tablets, and computers to your Airwall secure network. At a minimum, sending invitations automatically provisions and manages people as they connect. You can also set up the invitation to place people into overlays to define what resources they can reach on the network, access windows when they can connect, and other settings.

Airwall Relay

An Airwall Relay routes encrypted communications between resources and Airwall Edge Services. Relays reduce network complexity and enable complete connectivity between disparate systems. An Airwall Relay provides a private identity namespace that eliminates the need for public IP addresses and inbound firewall rules to connect devices.

Airwall secure network

A virtual air-gap solution that ensures your devices are completely invisible, where you can secure and micro-segment network communication and remote access between devices over your existing network.

Airwall Server

Software that runs on a server computer that allows that server to connect securely to resources on an Airwall secure network according to trust policies set up by an administrator of an Airwall Conductor.

allowlist

List of assets that are allowed access on your network.

backhaul bypass

Sending bypass traffic through a designated Airwall Gateway set up to handle traffic out of and into the Airwall secure network. The Airwall Gateway that is handling bypass traffic is called a bypass egress gateway.

bypass traffic

Traffic leaving the Airwall secure network (for example, traffic to and from the Google DNS servers or the Internet). See also seamless bypass or backhaul bypass.

cloak

Hiding or making invisible endpoints on an overlay (secure) network. Cloaking is a unique function of HIP and the Airwall Solution.

Conductor

The physical, virtual, or cloud service that centrally manages connections and trust for an Airwall secure network. The Conductor provides one centralized location for you to set up and manage Airwall Edge Services and trust policies between them to create, manage, and monitor your Airwall secure network. It is not involved in the data that is exchanged between Airwall Edge Services and the devices they protect.

denylist

List of assets that are denied access on your network.

full tunnel

A setting on an Airwall Agent or Server that forces all traffic on the device to go through the secure HIP tunnel.

HIP

Host Identity Protocol

HIP is the secure protocol used by the Airwall Solution to provide secure networks. HIP is an open standard that separates the role of an IP address as both host identity and location within a network, such that hosts are instead identified using cryptographic identities in the form of public keys. You can then define device-to-device trust relationships based on the host identity instead of the IP address.

lock down

A setting on an Airwall Agent or Server that only allows HIP traffic on the device.

MAP, MAP2, IF-MAP

The interface to Metadata Access Points. Airwall Edge Services use this client/server protocol to communicate with the Conductor, which provides authentication keys and communication policy to them.

micro-segmentation

Compartmentalizing your network into isolated segments in which devices are only exposed to each other when they have a need to communicate.

overlay

Overlays are virtual networks that make up your Airwall secure network that connect and establish trust between two or more Airwall Edge Services and the devices they protect.

The secured communications channels you create with an overlay are encrypted HIP tunnels that allow trusted devices to communicate securely with each other across the network. These communication channels are controlled by the Airwall Edge Services deployed throughout the underlay and administered by the Conductor.

seamless bypass

Seamless Bypass allows you to separate traffic (split tunnel) going through your Airwall Gateway, where you selectively encrypt and tunnel some traffic, while allowing other traffic to pass through the Airwall Gateway unchanged. This ability also allows protected devices to securely communicate with devices or network locations that are not protected by Airwall Edge Services, such as software update servers on the Internet.

Configuring an Airwall Gateway for seamless bypass permits traffic between the secure overlay network and an insecure underlay network, where the Airwall Gateway acts similarly to an SNAT (Source Network Address Translation) gateway. Connections initiated from the underlay network are still blocked, but connections initiated from a protected device to a permitted bypass destination are allowed.

standby

The Conductor or Airwall Gateway that is standing by to take over if the active one fails in a high-availability configuration. Also called secondary.

tunneling/tunnels

Encapuslating network traffic in an encrypted connection between two points (for example, similar to a VPN). A tunnel refers to the encrypted connection that is passing traffic.

underlay

Your existing Layer 2 networks, including the internet if your Airwall secure network traverses it. Airwall Edge Services (Gateways, Agents, and Servers) and the Conductor connect to the underlay over which you establish the Airwall secure network.