
Access a Private Network

website/src/app/kb/use-cases/private-network-access/readme.mdx


import SupportOptions from "@/components/SupportOptions";
import Alert from "@/components/DocsAlert";
import Image from "next/image";
import Link from "next/link";
import PlanBadge from "@/components/PlanBadge";

<PlanBadge plans={["starter", "team", "enterprise"]}>

Access a Private Network

</PlanBadge>

In this guide, we'll be using Firezone to secure access to a private subnet behind a firewall.

This is useful when you have hosts or services behind a firewall that you want to keep secure, but still need to access them from external networks like the internet.

<Alert color="warning"> In general, we recommend using a more granular approach to secure access using either [DNS](/kb/use-cases/web-app-access) or [IP-based](/kb/use-cases/host-access) Resources instead of the blanket approach used in this guide. Only use this guide if using DNS or IP-based Resources is not feasible, or if you need a stepping stone towards a more granular approach. </Alert>

Prerequisites

  • A Site that will contain the subnet you want to secure access to. Create a Site if you haven't already.
  • One or more Gateways deployed within the Site. Deploy a Gateway if you don't have any in the Site where this subnet is located.
<Alert color="warning"> Opening ports on your network firewall is **not** necessary or recommended. Firezone Gateways perform secure NAT traversal for you. </Alert>

Step 1: Create a Resource

  1. In your admin portal, go to `Sites -> <site>` and click the Add Resource button.
  2. Select CIDR as the Resource type.
  3. Enter the CIDR range of the subnet you want to secure access to. This should be a range of IPv4 or IPv6 addresses that's directly reachable from the Gateway(s) in your Site.
  4. Name the Resource something descriptive, like SJC demo net. You'll refer to this name when creating a Policy in the next step.
  5. Click Save.
<Link href="/images/kb/use-cases/private-network-access/step1.png" target="_blank" rel="nofollow" > <Image src="/images/kb/use-cases/private-network-access/step1.png" alt="Create a Resource" width={1200} height={1200} /> </Link>

Step 2: Create a Policy

  1. In the Policies tab, click the Add Policy button.
  2. Select an appropriate Group and the Resource you created in Step (1).
  3. Click Save.

Step 3: Done!

You should now be able to access hosts and services in the subnet you specified in Step (1).
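Before saving the CIDR Resource in Step (1), it helps to compare the range you plan to enter with the hosts that actually need to be reachable, since every other address in the range is also exposed to the Group. The following is an added example, not part of the Firezone documentation or code: `review_cidr` is a hypothetical helper that uses only Python's standard `ipaddress` module, calls no Firezone API, and runs on constructed sample addresses.

```python
import ipaddress


def review_cidr(cidr, needed_hosts):
    """Compare a planned CIDR Resource range with the hosts that need access."""
    # strict=False accepts input with host bits set (e.g. 10.0.5.7/24) and
    # normalises it to the enclosing network.
    net = ipaddress.ip_network(cidr, strict=False)
    host_bits_set = ipaddress.ip_interface(cidr).ip != net.network_address

    hosts = [ipaddress.ip_address(h) for h in needed_hosts]
    # Membership is False when the address family differs from the network's.
    covered = sorted({h for h in hosts if h in net})
    missed = [h for h in hosts if h not in net]

    # Tightest prefixes that cover only the needed hosts. Each one is a
    # candidate for a narrower IP-based Resource instead of the whole subnet.
    tighter = [str(n) for n in ipaddress.collapse_addresses(covered)]

    return {
        "network": str(net),
        "host_bits_set": host_bits_set,
        "addresses_in_range": net.num_addresses,
        "unneeded_addresses": net.num_addresses - len(covered),
        "not_covered": [str(h) for h in missed],
        "tighter_prefixes": tighter,
    }


if __name__ == "__main__":
    # Constructed sample input: a planned range and the hosts users must reach.
    report = review_cidr(
        "10.0.5.7/24",
        ["10.0.5.10", "10.0.5.11", "10.0.5.40", "10.0.6.3"],
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

A large `unneeded_addresses` count with a short `tighter_prefixes` list suggests the subnet can be replaced by a few IP-based Resources; entries in `not_covered` will not be reachable through this Resource at all.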

<SupportOptions />