Tunnels

The Tunnels tab lets you define the DSG inbound communication channels.

Changes made to Tunnels require a cluster restart to take effect. You can either use the bundled default tunnels or create a tunnel based on your requirements.

The Tunnels tab is as seen in the following figure.

Tunnels tab

The following table provides the description of the columns available on the Web UI.

1 Name - Unique tunnel name.

2 Description - Unique description that describes the port supported by the tunnel.

3 Protocol - Protocol type that the tunnel supports. The available Type values are HTTP, S3, SMTP, SFTP, NFS, and CIFS.

4 Enabled - Status of the tunnel. Displays the status as true if the tunnel is enabled.

5 Start without service - Select to start the tunnel if no service is configured or if no services are enabled.

6 Interface - IP address through which sensitive data enters the DSG. The available Listening Address options are as follows:

  • ethMNG: The management interface on which the Web UI is accessible.
  • ethSRV0: The service interface for communicating with an untrusted service.
  • 127.0.0.1: The local loopback adapter.
  • 0.0.0.0: The broadcast address for listening to all the available network interfaces over all IP addresses.
  • Other: Manually add a listening address based on your requirements.

Note: The service interface, ethSRV0, listens on port 443. If you want to stop this interface from listening on this port, then edit the default_443 tunnel and disable it.

7 Port - Port linked to the listening address.

8 Certificate - Certificate applicable to a tunnel.

9 Deploy to All Nodes - Deploy the configurations to all the DSG nodes in the cluster. Deploy can also be performed from the Cluster tab or Ruleset screen. In a scenario where an ESA and two DSG nodes are in a cluster, by using the Selective Tunnel Loading functionality, you can load specific tunnel configurations on specific DSG nodes.
Click Deploy to All Nodes to push specific tunnel configurations from an ESA to specific DSG nodes in a cluster.
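
A check for the Interface setting and the default_443 note above, added here as an example and not part of the product documentation: it parses `ss -ltn` output taken on a DSG node and flags tunnels bound to every interface, as well as a port that should no longer listen on a given interface. The availability of `ss` on the node, the interface addresses, the sample output and the function names are assumptions.

```python
import ipaddress

# Constructed `ss -ltn` output; every address and port here is made up.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:8080        0.0.0.0:*
LISTEN  0       128     10.0.1.5:443        0.0.0.0:*
LISTEN  0       128     192.168.10.5:8443   0.0.0.0:*
LISTEN  0       128     127.0.0.1:9090      0.0.0.0:*
LISTEN  0       128     [::]:2222           [::]:*
"""

# Assumed interface addresses for this example; substitute the node's real ones.
INTERFACES = {"ethMNG": "192.168.10.5", "ethSRV0": "10.0.1.5"}

def parse_listeners(ss_output):
    """Return (ip_address, port) for each LISTEN row of `ss -ltn` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        host = "::" if host == "*" else host   # ss prints "*" for a dual-stack wildcard
        listeners.append((ipaddress.ip_address(host), int(port)))
    return listeners

def scope(addr, interfaces=INTERFACES):
    """Name the listening-address option that an address corresponds to."""
    if addr.is_unspecified or addr.is_loopback:
        return "all" if addr.is_unspecified else "loopback"
    for name, ip in interfaces.items():
        if addr == ipaddress.ip_address(ip):
            return name
    return "other"

def audit(ss_output, must_be_closed=()):
    """Flag wildcard listeners and ports that should be closed on an interface."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        where = scope(addr)
        if where == "all":
            findings.append((port, "listens on every interface, ethMNG included"))
        for iface, closed_port in must_be_closed:
            # A wildcard bind keeps the port reachable on that interface too.
            if port == closed_port and where in (iface, "all"):
                findings.append((port, f"still reachable on {iface}"))
    return findings
```

Calling `audit(SAMPLE_SS, must_be_closed=[("ethSRV0", 443)])` after disabling default_443 and restarting the cluster should return no entry for port 443; in the constructed sample it still does.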

The following figure illustrates the actions for the Tunnels screen.

The following table provides the available actions:

1 Create Tunnel - Create a tunnel configuration as per your requirements.

2 Edit - Edit an existing tunnel configuration.

3 Delete - Delete an existing tunnel configuration.


Manage a Tunnel

From the Tunnels tab, a tunnel can be created, edited, or deleted.

Amazon S3 Tunnel

About S3 tunnel fields.

HTTP Tunnel

HTTP tunnel configurations.

SFTP Tunnel

Configure the SFTP tunnel.

SMTP Tunnel

Configure the SMTP tunnel.

NFS/CIFS

The Network File System (NFS) enables users to store and access data from storage points such as disks and directories over a shared network. The Common Internet File System (CIFS) is a file sharing protocol for Windows OS-based systems.

Last modified January 30, 2025