Scenario: Configuring access from an external network to internal network devices
This section describes the sequence of actions required to configure access from an external network to internal network devices using Kaspersky IoT Secure Gateway 1000.
Prior to configuration, make sure that the port to be used for connecting to the internal network device is open and accessible for connection on the device.
The access configuration scenario consists of the following steps:
- Configuring routing of transit IP packets
On the external device from which you want to access devices on the internal network, configure routing of transit IP packets to the Kaspersky IoT Secure Gateway 1000 external network (WAN) port.
For details on configuring routing of transit IP packets on an external network device, please refer to the User Guide for the device.
- Disabling masquerading
Disable masquerading for dynamic conversion of IP addresses of transit packets received by Kaspersky IoT Secure Gateway 1000 from a device on the external network.
- Creating a rule for access from an external network
Create a firewall allow rule to allow packets from a device on the Kaspersky IoT Secure Gateway 1000 external network (WAN) to the device on the internal network.
The rule that has been created will be applied simultaneously to all available interfaces for connecting to the external network, including those for connecting to the external network via a built-in modem.
- Creating rules for access from the internal network
Create a firewall allow rule to allow packets from the device on the Kaspersky IoT Secure Gateway 1000 internal network (LAN) to the device on the external network.
- Check the connection to an internal network device.
On a device that resides in the external network, check the connection to a device on the internal network.
For more details on the options for checking the connection to other network devices, please refer to the User Guide for the device.
Access configuration is complete. You will be able to connect from the external network to devices residing within the internal network of Kaspersky IoT Secure Gateway 1000, for example, to export data from these devices or to configure their settings.
