
Managing Secure Networks


Zenarmor SASE edition enables you to establish secure private networks within your organization. The Zenarmor private network is a mesh virtual private network (VPN).

The primary advantage of the Zenarmor private network over traditional virtual private networks is its simplicity, speed and performance. Zenarmor provides a scalable, secure, and performance-optimized framework for managing remote access. Unlike conventional VPN solutions, Zenarmor does not require routing network packets through a data center or point of presence (POP) location. This approach reduces latency and eliminates the inefficiencies of centralized routing, resulting in a smoother and faster experience for end users.

Another advantage of Zenarmor SASE is the zero trust mentality. Every connection is denied unless it is explicitly allowed by policy. Policy rules are fully context-aware and can be enforced based on a number of advanced criteria such as user, group, location, and application.

Zenarmor enables organizations to quickly extend their coverage across multiple locations without the need to duplicate hardware infrastructure. This flexibility makes it an excellent choice for enterprises managing global operations, branch offices, and a remote or hybrid workforce. Whether deployed in a public cloud, on-premises data center, on edge devices, or as a hybrid solution, Zenarmor offers a level of scalability that traditional VPNs often struggle to achieve in modern enterprise environments.

Zenarmor's secure private networks are managed through a central cloud management portal called Zenconsole. This powerful tool streamlines configuration, simplifies policy updates, and enhances user onboarding, enabling you to scale your network effortlessly.

Managing Zenarmor secure private networks is incredibly easy and efficient. You can manage your secure networks by following these 3 main steps.

  1. Create your micro-segmented secure private networks within your organization.
  2. Add peers, whether they’re gateways or endpoints.
  3. Tailor your access control through intuitive private network policies, and let Zenarmor take care of the rest.

In just seconds, your micro-segmented mesh networks will be fully operational, providing robust security and connectivity.

Creating Secure Private Networks

You may easily create private networks by following these steps.

  1. Log in to Zenconsole.

  2. Select the organization that you want to manage.

  3. Navigate to Secure Networks page on Zenconsole.

  4. Click on the + Create Overlay Network button. This will pop up a dialog box for overlay network settings.

    Figure 1. Secure Networks Page

  5. Type a descriptive name for the Network Name.

  6. Type a descriptive name for the Network Slug.

  7. Specify the IPv4 Address Range in CIDR format.

    warning

    Please be aware that assigning a private IP address range (such as RFC1918) may trigger DNS rebinding protection mechanisms in browsers and network security systems. This can lead to access being blocked or to name resolution failures. Public DNS servers should not resolve to private IP ranges (for example, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

    If you need to use non-public addresses, there are two recommended approaches:

    1. Utilize CGNAT address space (100.64.0.0/10) instead of RFC1918 ranges. This can help avoid DNS rebinding protection issues while still allowing the use of non-public IPs.

    2. Set up your own private DNS server for internal resolution.

    Figure 2. Create Overlay Network

  8. Click Create button. This will seamlessly establish a private and secure network tailored for your organization. You will then see the overlay network configuration page, ready for your customization.

    Figure 3. Secure Network Settings Page

You may create multiple secure private networks within your organization. You'll find a complete list of all your private networks conveniently displayed on the left side of the Secure Networks page, making management effortless and efficient.

Figure 4. Secure Networks List
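
A pre-check for the IPv4 Address Range entered in step 7, as an added example that is not part of Zenconsole or the original page: it classifies a proposed range against the RFC1918 and CGNAT blocks named in the warning and models, in simplified form, a resolver that drops RFC1918 answers. The function names and the `advertised` parameter are assumptions of this example.

```python
import ipaddress

# Ranges named in the warning above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def check_overlay_range(cidr, advertised=()):
    """Return (level, message) findings for a proposed overlay IPv4 range.

    `advertised` is a hypothetical list of LAN prefixes that gateway peers
    will route; it is an input of this example, not a Zenconsole field.
    """
    try:
        # strict=True rejects host bits, e.g. 10.20.0.1/16 instead of 10.20.0.0/16
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [("error", f"not a valid CIDR network: {exc}")]
    if net.version != 4:
        return [("error", "an IPv4 range is required")]

    findings = []
    hits = [str(p) for p in RFC1918 if net.overlaps(p)]
    if hits:
        findings.append(("warn", "overlaps RFC1918 space " + ", ".join(hits)
                         + "; DNS rebinding protection may drop names that resolve here"))
    elif net.subnet_of(CGNAT):
        findings.append(("ok", "inside CGNAT space 100.64.0.0/10"))
    elif net.overlaps(CGNAT):
        findings.append(("warn", "only partly inside 100.64.0.0/10"))
    else:
        findings.append(("warn", "outside RFC1918 and CGNAT; confirm the range is yours to use"))

    # An overlay range that collides with a routed LAN makes addresses ambiguous.
    for lan in advertised:
        if net.overlaps(ipaddress.ip_network(lan)):
            findings.append(("warn", f"overlaps advertised network {lan}"))
    return findings


def rebind_filter(answers):
    """Simplified model of rebinding protection: drop A-record answers
    that fall inside RFC1918 space and keep everything else."""
    return [a for a in answers
            if not any(ipaddress.ip_address(a) in p for p in RFC1918)]


if __name__ == "__main__":
    # Constructed sample inputs.
    for cidr in ("10.20.0.0/16", "100.64.10.0/24", "10.20.0.1/16"):
        print(cidr, check_overlay_range(cidr, advertised=["192.168.1.0/24"]))
    print(rebind_filter(["10.20.0.5", "100.64.10.5"]))
```
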

Adding/Removing Users and Groups

Zenconsole enables you to define which users and groups are allowed to connect to your secure private network. You can add endpoint devices individually or by selecting specific users and groups. Any endpoint devices that these users have previously added, as well as those they will add in the future, will be integrated into this overlay network.

Adding Users

To add users to an overlay network, you may follow the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network to which you want to add a user.

  3. Click + Add User button. This will display available users in your organization. You may use Search tool to find a specific user quickly.

  4. Select the user you want to add.

    Figure 5. Adding User

  5. You may add as many users as you want. All added users will appear in the Users pane.

    Figure 6. Approved Private Network Users

Removing Users

To remove a user from an overlay network, you may follow the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network from which you want to delete a user.

  3. Locate the user that you want to remove in Users pane.

  4. Click X icon next to the user. This will display a notification window for confirmation.

  5. Click Remove to delete the user from the overlay network.

    Figure 7. Delete User from Overlay Network

Adding Groups

To add groups to an overlay network, you may follow the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network to which you want to add a group.

  3. Click + Add Group button. This will display available groups in your organization. You may use Search tool to find a specific group quickly.

  4. Select the group you want to add.

    Figure 8. Add Group to Overlay

  5. You may add as many groups as you want. All added groups will appear in the Groups pane.

    Figure 9. Approved Private Network Groups

Removing Groups

To remove a group from an overlay network, you may follow the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network from which you want to delete a group.

  3. Locate the group that you want to remove in Groups pane.

  4. Click X icon next to the group. This will display a notification window for confirmation.

  5. Click Remove to delete the group from the overlay network.

    Figure 10. Delete Group from Overlay

Managing Peers

Zenconsole allows you to manage secure private network peers, endpoints, or gateways. You may perform the following tasks on these peers.

  • Adding EndPoint Peers

  • Adding Gateway Peers

  • Removing Peers

  • Viewing Peers

  • Updating Peer Settings

  • Searching Peers

Adding EndPoint Peers

You may add an endpoint device to your secure private network as a peer by following the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network to which you want to add an endpoint peer.

  3. Scroll down to the Peers pane.

  4. Click + Add Endpoint button. This will display available endpoints in your organization. You may use Search tool to find a specific endpoint quickly.

  5. Select the endpoint you want to add.

  6. You may add as many endpoints as you want. All added endpoints will appear in the Peers pane. A message box will appear at the bottom right of the page for configuration updates.

    Figure 11. Add Endpoint to Overlay

  7. Click Trigger Update button for an immediate configuration update on all instances.

    Figure 12. Trigger Update

Adding Gateway Peers

You may add a gateway device to your secure private network as a peer by following the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network to which you want to add a gateway peer.

  3. Scroll down to the Peers pane.

  4. Click + Add Gateway button. This will display available gateways in your organization. You may use Search tool to find a specific gateway quickly.

  5. Select the gateway you want to add.

  6. You may add as many gateways as you want. All added gateway peers will appear in the Peers pane. A message box will appear at the bottom right of the page for configuration updates.

    Figure 13. Add Gateway to Overlay

  7. Click Trigger Update button for an immediate configuration update on all instances.

    Figure 14. Trigger Update

Removing Peers

You may easily remove a peer from a secure private network by following the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network from which you want to remove a peer.

  3. Scroll down to the Peers pane.

  4. Locate the peer that you want to remove. You may use the search toolbox to find a peer.

  5. Click Actions menu with the 3-dot icon. This will open a drop-down menu.

    Figure 15. Remove Peer from Overlay

  6. Click Remove button to delete the selected peer from the secure private network. This will display a notification window for confirmation.

  7. Click Remove to approve the peer deletion. A message box will appear at the bottom right of the page for configuration updates.

  8. Click Trigger Update button for an immediate configuration update on all instances.

Viewing Peers

Zenconsole allows you to view all peers approved to connect to a secure private network from a single point of view.

You may view all peers in a secure private network by following the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network on which you want to view a peer.

  3. Scroll down to the Peers pane.

The following peer details are displayed.

  • Peer Name

  • Slug

  • Overlay IP

  • Platform

  • Latest Activity

    Figure 16. Peers List Sorted by Overlay IP

tip

You can sort peers by their names and IP addresses. Click on the Peers or Overlay IP column to arrange the peers in either ascending or descending order.

Viewing Gateway Secure Network Connection Status

Zenconsole allows you to view the detailed status of a gateway peer by following the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network on which you want to view a gateway peer.

  3. Click on the gateway on the left sidebar. This will display the secure private network connection status of the selected gateway. You may view the following details.

    • Coordinator Server
    • Relay Server
    • Overlay Networks

    Figure 17. Gateway Secure Networks Status Page

Viewing Coordinator Server

Zenarmor's coordinator server initiates connections between peers in secure private networks. The details can be viewed in the Coordinator Server pane.

  • Status: This field shows the connection status between your gateway and the coordinator server. When your gateway is successfully connected to a secure network, this Status field will display as Connected. If your gateway fails to connect to the secure private network, it will show as Not Connected.
  • Location: This field displays the location of the Coordinator Server. The Zenarmor coordinator server is located in North Charleston, United States.

Figure 18. Viewing Coordinator Server

Viewing Relay Server

The Zenarmor relay server behaves as a proxy server between the peers when they cannot communicate with each other directly. In such cases, secure private network peers connect through the nearest Zenarmor relay server. The details can be viewed in the Relay Server pane.

  • Status: This field shows the connection status between your gateway and the relay server. When your gateway is successfully connected to a secure network, this Status field will display as Connected. If your gateway fails to connect to the secure private network, it will show as Not Connected.
  • Location: This field displays the location of the Relay Server. Zenarmor provides 5 relay servers located in different regions of the world, like the United States, Europe, and Asia. Peers should connect to the nearest relay server.
  • RTT: The time the gateway takes to get a response from the relay server after initiating a network request.

Figure 19. Viewing Relay Server

Viewing Secure Private Networks

You may view the list of secure private networks that your gateway is connected to, along with their details, on the Overlay Networks pane of the Secure Networks page. The Overlay Networks pane displays the following details.

  • Secure Private Network Name: The name of the secure private network is displayed.
  • Secure Private Network IP Range: The IP address range used for the overlay network is displayed under the name of the overlay network.
  • Overlay IP Address: The secure private network IP address of the Gateway is displayed.

Viewing Secure Private Networks Details

Secure Networks page allows you to view the status of the connections between your gateway and other peers in a secure private network. You may view the secure private network details by following the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network on which you want to view a gateway peer.

  3. Click on the gateway on the left sidebar.

  4. Locate the secure private network that you want to view from the Overlay Networks pane.

  5. Click on the Show Details button next to the secure private network. This will display all peers in the secure network along with their connection status to your gateway. Listed peer details are as follows.

    • Peer: This field displays the name of the peer.
    • Connection Status: This field displays the status of the connection between your gateway and the peer. When they are connected, the duration of the active connection appears.
    • RTT (Round Trip Time): The time the gateway takes to get a response from the peer after initiating a network request.
    • Connection Type: Connection type between the peers. Available transport types are as follows.
      • Relay: Peers communicate with each other via a relay server hosted by Zenarmor.
      • P2P: Peers directly communicate with each other over an encrypted tunnel.
      • Local: Peers have a LAN connection between each other and communicate via this local network.
    • Location: Geo IP location of the peer.
    • IP Address: Overlay IP address of the peer.

    Figure 20. Viewing Overlay Network Details

You may view the details of a selected peer by clicking on the Show Details button under the Actions column. This will display the Peer Details window on the right side of the page.

Figure 21. Viewing Peer Details

Peer Details window includes the following information about the peer pairs.

  • Name: Name of the peer.
  • Hostname: Hostname of the peer.
  • Overlay Ip: Secure private network IP address of the peer.
  • Is Pop: This option indicates whether the peer is operating as a Point of Presence (POP). (Coming soon)
  • Is Endpoint: This option indicates whether the peer is an endpoint device.
  • Advertised Networks: Displays the networks advertised by the gateway.
  • Transport Type: Connection type between the peers. Available transport types are as follows.
    • Relay: Peers communicate with each other via a relay server hosted by Zenarmor.
    • P2P: Peers directly communicate with each other over an encrypted tunnel.
    • Local: Peers have a LAN connection between each other and communicate via this local network.
  • Awaiting Signal: This option shows whether the peer has a connection with the coordinator server. It has a value of true when the peer is not responsive.
  • Established At: The moment when the gateway is connected to the peer.
  • Handshake Duration (ms): The time the handshake takes between the peers.
  • RTT (ms): The time it takes to get a response from the corresponding peer after initiating a network request.
  • Rflx Ip: Public IP address of the peer.
  • Geo Lat: Latitude value of the GEO IP for the peer.
  • Geo Lon: Longitude value of the GEO IP for the peer.
  • Geo Country Code: Country code of the GEO IP for the peer.
  • Geo Country: Country of the GEO IP for the peer.
  • Geo City: City of the GEO IP for the peer.
  • Self Session: Session ID of the peer.
  • Peer Session: Session ID of the other peer.

Updating Peer Settings

Zenconsole allows you to update the IP address of a secure private network peer or add an advertised network for a gateway peer manually. You may update these peer settings by following the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network on which you want to view a peer.

  3. Scroll down to the Peers pane.

  4. Locate the peer that you want to update. You may use the search toolbox to find a peer.

  5. Click Actions menu with the 3-dot icon. This will open a drop-down menu.

    Figure 22. Access Peer Settings

  6. Click Settings button to edit the selected secure private network peer. The peer settings window will appear on the right side of the page.

    Figure 23. Peer Settings

  7. You may type the new Overlay IP Address.

  8. You may click + Add network button to define Advertised Networks, which will be routed by the gateway peer. This will open a dialog box.

  9. Type the network address that will be advertised by the gateway peer.

    Figure 24. Add Advertised Network

  10. Click Add button. A message box will appear at the bottom right of the page for configuration updates.

  11. Click Trigger Update button for an immediate configuration update on all instances.

Searching Peers

Zenconsole enables you to search for a peer by its peer name, email address, or IP address. To locate a peer in your peers list, enter its name or email address into the search field. This automatically updates the peers list below, and the peer you are looking for is displayed.

Figure 25. Searching Peer

Deleting Private Secure Networks

To remove an overlay network from your organization, you may follow the next steps.

  1. Navigate to Secure Networks page of an organization on Zenconsole.

  2. Select the private network that you want to delete.

  3. Scroll down to the Delete Overlay Network pane.

  4. Click Delete Overlay Network button. This will display a dialog box for confirmation.

    Figure 26. Delete Overlay-Network

  5. Type the network name to approve the removal of the private network.

    Figure 27. Delete Overlay Network Confirmation

  6. Click Delete Overlay Network button. A message box will appear at the bottom right of the page for configuration updates.

  7. Click Trigger Update button for an immediate configuration update on all instances.

tip

Deleting a secure private network from your organization will also remove all users, groups, and peers from this overlay network.