It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Access

Network

  • Last updated on

Requirements

  • These are the network requirements for a secure working installation:

    • Internal resources (configured from the CloudGen Access Console) can only communicate with the internal leg of the Envoy Proxy.

    • The Envoy proxy has an internal leg and an internet-facing leg.

    • The Internet-facing leg needs to expose the configured CloudGen Access Proxy port.

    • For High Availability mode (HA), the Envoy Proxy must be placed behind a layer 3 round robin load balancer.

Firewall Configuration

All values are assumed to be default values.

ComponentDescriptionDirectionProtocol / PortMode
Envoy Proxy

Access portInboundConfigured in ConsoleAll
Registered resourcesOutboundConfigured in ConsoleAll
CloudGen Access Proxy OrchestratorOutboundTCP 50051All
CloudGen Access Proxy Orchestrator

Envoy Proxy ClusterInboundTCP 50051All
CloudGen Access Console APIOutboundTCP 443All
RedisOutboundConfigured Redis portHA mode

Network Diagrams

Single Mode

cg_access_ap-net_single_mode.png

High Availability Mode

Redis Replication is beyond the scope of this document. See Redis Replication on the redis site.

cg_access_ap-net_ha_mode.png