Scenario: Configuring access from an external network to internal network devices
This section describes the sequence of actions required to configure access from an external network to internal network devices using Kaspersky IoT Secure Gateway 1000.
Prior to performing the configuration, you must make sure that the port that will be used to connect to an internal network device is accessible for the connection.
The access configuration scenario consists of the following steps:
- Configuring routing of transit IP packets
On the device residing in the external network, configure routing of transit IP packets so that the network packets intended for the internal network device that needs to be accessed are forwarded through the external network interface of Kaspersky IoT Secure Gateway 1000 (WAN).
For details on configuring routing of transit IP packets on an external network device, please refer to the User Guide for the device.
- Disabling masquerading
Disable masquerading for dynamic conversion of IP addresses of transit packets received by Kaspersky IoT Secure Gateway 1000 from a device on the external network.
- Creating a rule for a device in an external network
Create a firewall rule that opens the external interface of Kaspersky IoT Secure Gateway 1000 (WAN) to allow network packets to pass from the external network device to a device in the internal network.
The rule that has been created will be applied simultaneously to all available interfaces for connecting to the external network, including those for connecting to the external network via a built-in modem.
- Creating a rule for a device in the internal network
Create a firewall rule that opens the internal interface of Kaspersky IoT Secure Gateway 1000 (LAN) to allow network packets to pass from an internal network device to a device in an external network.
- Check the connection to an internal network device.
On a device that resides in the external network, check the connection to a device on the internal network.
For more details on the options for checking the connection to other network devices, please refer to the User Guide for the device.
Access configuration is complete. You will be able to connect from the external network to devices residing within the internal network of Kaspersky IoT Secure Gateway 1000, for example, to export data from these devices or to configure their settings.
