
Defining your private network

To use CylanceGATEWAY to control access to your private networks, you need to define your private networks. When you define your private networks, you can configure CylanceGATEWAY to apply the most restrictive privilege and micro-segmentation when users access your network resources.
CylanceGATEWAY supports access to more than one private network (for example, segments, data centers, and VPCs) both in on-premises and cloud environments.
CylanceGATEWAY blocks users from connecting to any location in your private network unless the user is assigned an access control list (ACL) rule that allows the connection.
You define your private networks by adding a connector group for each private network that you want users to be able to access resources on. If your CylanceGATEWAY service was enabled before July 2023 and included one or more CylanceGATEWAY Connectors, all of your existing connectors have moved to the "Default Connector Group". You can rename the default connector group or add additional groups and assign the connectors as required.
Each tenant supports a maximum of eight connector groups.
Connector groups consist of the following:
  • The IP addresses, IP address ranges, and CIDR notation that you specify for each group. CylanceGATEWAY Connectors recognize these addresses as a part of one of your private networks.
  • The health check URL. This is unique to the group and is used by each CylanceGATEWAY Connector in the group to confirm connectivity to your private network.
  • The IP restrictions that you may specify to have Gateway accept connections only from connectors at the specified IP addresses.
To establish a secure tunnel between users' devices and your private networks, you must install one or more CylanceGATEWAY Connectors and assign them to a group.
Each connector group supports a maximum of eight CylanceGATEWAY Connectors.
You can also specify the addresses of your private DNS servers and the private DNS suffixes used for searches. The DNS settings apply to all group connectors in your environment and must be added to one group.
In environments that contain multiple groups with similar destination IP addresses or address ranges, data flow is directed, in order, to the connector groups listed until the IP address is matched to a connector group. The connector group that includes the matching IP address is then used to route the connection to the destination to access resources.
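The ordered matching described above can be modeled offline to see which connector group a destination would route through and which entries in later groups are partly or fully shadowed by earlier ones. This is an added example, not vendor code: the group names, addresses, the "start-end" range syntax, and all function names are assumptions made for illustration.

```python
import ipaddress

MAX_GROUPS = 8  # per-tenant connector group limit stated on this page

def parse_entry(entry):
    """Parse a single IP, an assumed 'start-end' range, or CIDR into networks."""
    if "-" in entry:
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(entry.strip(), strict=False)]

def build_groups(ordered_groups):
    """ordered_groups: list of (name, [entries]) in the order they are listed."""
    if len(ordered_groups) > MAX_GROUPS:
        raise ValueError("a tenant supports at most eight connector groups")
    return [(name, [n for e in entries for n in parse_entry(e)])
            for name, entries in ordered_groups]

def route(groups, destination):
    """Return the first listed group whose addresses contain the destination."""
    ip = ipaddress.ip_address(destination)
    for name, nets in groups:
        if any(ip.version == n.version and ip in n for n in nets):
            return name
    return None  # no connector group claims this address

def shadowed(groups):
    """List (earlier, later, network) where a later group's entry overlaps an
    earlier group's entry, so the earlier group wins for the shared addresses."""
    findings = []
    for i, (early, early_nets) in enumerate(groups):
        for late, late_nets in groups[i + 1:]:
            for ln in late_nets:
                if any(ln.version == en.version and ln.overlaps(en)
                       for en in early_nets):
                    findings.append((early, late, str(ln)))
    return findings

# Constructed sample configuration (hypothetical names and addresses).
SAMPLE = build_groups([
    ("dc-east", ["10.10.0.0/16", "192.168.5.10"]),
    ("vpc-prod", ["10.10.20.0/24", "172.16.0.1-172.16.0.6"]),
])

if __name__ == "__main__":
    for dest in ("10.10.20.5", "172.16.0.6", "172.16.0.7"):
        print(dest, "->", route(SAMPLE, dest))
    print("overlaps:", shadowed(SAMPLE))
```

Running the overlap check before reordering groups shows which destinations would silently change connector group, which matters when the groups front different network segments.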