Scout Cloud Gateway in a DMZ
For the setup of the Scout Cloud Gateway in your network, we recommend the operation in a security-controlled 'Demilitarized Zone',
The following routes must be set up for configuration:
From the eLux devices to the DMZ
You define these routes in the SCG WebAdmin interface under Configuration > VPN device settings > Routes.
From the Scout Cloud Gateway to the Intranet
For further information, see Static IP routes.
From the Scout Server, AD server / identity manager and other required (application) servers back to the Scout Cloud Gateway in the DMZ
For further information, see General network settings.
Use dedicated firewall rules to control access from the Internet to the DMZ and from the DMZ to the Intranet.
To use the Scout Cloud Gateway as a router between DMZ and Intranet, you can use a second network card. In the VM installation, two network cards are already considered and can be configured.
Note the following
If you intend to use multiple SCG instances in a cluster, they must also be able to communicate with each other.
If you define a gateway and DNS only for the internal network, make sure that the names of the Scout Server and AD server / identity manager can be resolved.
Example for configuring routes
(A) eLux devices are supposed to access resources on the Intranet (network 192.168.50.0/24).
(B) The SCG is located in a DMZ with network 192.168.100.0/24 and connects eLux devices via tunnel network 10.8.0.0/24.
(C) Both networks are connected via a router/gateway, with address 192.168.100.1 in the DMZ and 192.168.50.1 in the Intranet.
A) Network: 192.168.50.0, subnet mask: 255.255.255.0 (gateway is the VPN server of the SCG)
B) Network: 192.168.50.0, subnet mask: 255.255.255.0, gateway from DMZ to intranet: 192.168.100.1
C) Network: 10.8.0.0, subnet mask: 255.255.255.0, gateway from the intranet into the DMZ: 192.168.50.1
For further information, see General configuration.