Gateways

Last modified on August 10, 2022

Overview

Gateways are the initial entry point into the strongDM network. Therefore, each gateway must be assigned an address that is accessible to your users. You will need at least one gateway to connect to resources, but we recommend running them in pairs.

StrongDM gateways are usually exposed directly to the internet. If you wish to extend your strongDM network into a more secure network or subnet, you may deploy a relay that allows egress-only connections to secured resources. To learn more, see the Gateways and Relays pages.

Add a Gateway

  1. Log in to the Admin UI.
  2. Select Network > Gateways in the navigation.
  3. Click Add gateway. You can rename the gateway here or modify it later. Advertised host should be the IP address or host that the gateway listens on. Select a TCP port (default 5000) for the service to listen on.
Add a New Gateway
Add a New Gateway
  1. Click Create gateway and the gateway token appears in a modal. Copy the gateway token and put it aside. You will need it again in a later step.
Gateway Token
Gateway Token
  1. Set up a 64-bit Linux instance to run the gateway. Machines should have at least 2 CPUs and 4 GB of memory. If the instance is using SELinux, you need to disable SELinux to install the gateway.

  2. Log in to the gateway instance. Then download the strongDM binary:

    curl -J -O -L https://app.strongdm.com/releases/cli/linux
    
  3. Unzip the binary:

    unzip sdmcli_VERSION_NUMBER_linux_amd64.zip
    
  4. Run the installer:

    sudo ./sdm install --relay
    
  5. When you are prompted for the gateway token you created in step 4, paste it into the terminal. Press enter. For security purposes, the token does not display in the terminal.

  6. Log in to the Admin UI and go to Network > Gateways. The gateway you created appears online and healthy. You may need to hard refresh the page.

  7. Confirm your gateway creation was successful by verifying that the LISTENADDR is accessible from the appropriate end user network:

    telnet 10.0.50.17 5000
    Trying 10.0.50.17...
    Connected to 10.0.50.17
    Escape character is '^]'
    
  8. Repeat this process to create a second gateway if you wish. We recommend running them in pairs for high availability.

If any errors occur, please copy them into an email and send to support@strongdm.com.

Top