Bridge Gateway
Bridge Gateway provides network bridging through automated virtual switch provisioning. It is designed for hybrid cloud deployments that need controlled connectivity between bare metal systems and Virtual Data Center resources.
Introduction
Bridge Gateway removes the need for manual firewall management for every configuration change. It supports self-service provisioning and real-time firewall rule management while maintaining explicit traffic control.
Key Features
| Area | Feature | Description |
|---|---|---|
| Network management | Self-service firewall control | Configure and modify firewall rules directly through Cloud Portal. |
| Network management | Automated provisioning | Deploy Bridge Gateways as VMs with preconfigured network settings. |
| Network management | Traffic monitoring | View traffic logs with filtering by IP, subnet, and time range. |
| Infrastructure integration | Many-to-many architecture | Connect multiple bare metal servers to multiple gateways. |
| Infrastructure integration | Hybrid cloud bridging | Integrate bare metal systems with VDC resources. |
| Infrastructure integration | VPC integration | Use Bridge Gateway with existing VPC configurations. |
| Security and compliance | Firewall capabilities | Configure allow rules, ports, and protocols with a deny-by-default model. |
| Security and compliance | Network isolation | Maintain separation between environments while allowing explicit connectivity. |
| Security and compliance | Audit trail management | Log configuration changes and traffic patterns. |
Use Cases
| Category | Use cases |
|---|---|
| Infrastructure modernization | Legacy system integration, hybrid cloud architecture, data center migration, and multi-cloud connectivity. |
| High-performance applications | Mission-critical workloads, high-performance computing, database clustering, and real-time processing. |
| Compliance and security | Regulated workloads, financial services, government applications, and enterprise systems. |
Getting Started
The example scenario uses a development environment where a team needs to connect a legacy application on bare metal servers in Riyadh to cloud-based services, with HTTPS access and database connectivity.
Plan the Gateway
Before creating the gateway, identify:
- Security requirements and explicit allow rules.
- Network requirements, such as HTTPS on port 443 and database access on port 3306.
- The target development environment.
- Planned IP ranges for bare metal servers.
- Required firewall rules.
You need an active tenant account with Bridge Gateway creation privileges and access to the target environment.
Create the Bridge Gateway
- Log in to Cloud Portal.
- Open Network.
- Open Bridge Gateways.
- Click Create.
- Fill in the required fields.
- Create the Bridge Gateway.
| Field | Example value |
|---|---|
| Region | Riyadh |
| Environment | A development environment |
| VPC | SSA |
| Subnet | A predefined subnet within the selected VPC |
Review Network Configuration
After creation, review and record:
- The selected subnet.
- The assigned private IP address.
- The virtual IP pool.
- Any IP ranges required for future bare metal connections.
Tip
Check that the subnet does not conflict with existing infrastructure before using the gateway in a wider environment.
Configure Initial Firewall Rules
Open the Bridge Gateway details page and use the Firewall Rules tab to add explicit allow rules.
Example HTTPS rule:
| Setting | Value |
|---|---|
| Direction | Incoming |
| Policy Type | NET -> SSA |
| Sources | 0.0.0.0/0 for development, or a specific public IP range for headquarters access |
| Destinations | Gateway subnet |
| Services | HTTPS, port 443 |
| Description | Allow HTTPS traffic from internet to development servers |
Warning
Bridge Gateway uses a deny-by-default model. Add only the allow rules required for the traffic you intend to permit.
Configure Database Access
Example internal database rule:
| Setting | Value |
|---|---|
| Direction | Incoming |
| Policy Type | SSA -> SSA |
| Sources | Application subnet range, for example 10.10.0.0/16 |
| Destinations | Database server IPs |
| Services | MySQL, port 3306 |
| Description | Allow application servers to access MySQL database |
If connecting to on-premises systems, use ON-PREM -> SSA as the policy type and enter the on-premises network range as the source.
Validate the Configuration
- Confirm that all allow rules appear in the firewall rules list.
- Check that rule parameters match the intended configuration.
- Confirm that policy types match the network architecture.
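The checks above can also be run as a script over rules copied by hand from the Firewall Rules tab. This is an added example, not Cloud Portal tooling: the rule dictionaries, the `PLAN` table, the rule names and the `10.20.0.0/24` destination range are constructed. It assumes `SSA -> SSA` sources should be private ranges and that only `NET -> SSA` may use `0.0.0.0/0`.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Intended plan per policy type (constructed values): ports that may be opened,
# the destination range, and whether a 0.0.0.0/0 source is acceptable.
PLAN = {
    "NET -> SSA": {"ports": {443}, "dest": "10.20.0.0/24", "any_source": True},
    "SSA -> SSA": {"ports": {3306}, "dest": "10.20.0.0/24", "any_source": False},
}

def audit_rule(rule):
    """Return findings for one allow rule; an empty list means it matches the plan."""
    plan = PLAN.get(rule["policy_type"])
    if plan is None:
        return [f"policy type {rule['policy_type']} is not in the plan"]
    findings = []
    if rule["port"] not in plan["ports"]:
        findings.append(f"port {rule['port']} is not planned for {rule['policy_type']}")
    for src in rule["sources"]:
        net = ipaddress.ip_network(src)
        if net.prefixlen == 0:
            if not plan["any_source"]:
                findings.append(f"source {src} opens {rule['policy_type']} to any address")
        elif rule["policy_type"] == "SSA -> SSA" and not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"source {src} is not a private range")
    planned_dest = ipaddress.ip_network(plan["dest"])
    for dst in rule["destinations"]:
        if not ipaddress.ip_network(dst).subnet_of(planned_dest):
            findings.append(f"destination {dst} is outside {planned_dest}")
    return findings

# Rules transcribed by hand from the Firewall Rules tab (constructed sample).
RULES = [
    {"name": "https-in", "policy_type": "NET -> SSA", "sources": ["0.0.0.0/0"],
     "destinations": ["10.20.0.0/24"], "port": 443},
    {"name": "mysql-app", "policy_type": "SSA -> SSA", "sources": ["10.10.0.0/16"],
     "destinations": ["10.20.0.10"], "port": 3306},
    {"name": "mysql-open", "policy_type": "NET -> SSA", "sources": ["0.0.0.0/0"],
     "destinations": ["10.20.0.10"], "port": 3306},
    {"name": "mysql-wide", "policy_type": "SSA -> SSA", "sources": ["203.0.113.0/24"],
     "destinations": ["10.30.0.5"], "port": 3306},
]

def audit(rules):
    """Map each rule name to its list of findings."""
    return {r["name"]: audit_rule(r) for r in rules}
```

The first two rules match the plan; `mysql-open` is flagged for exposing port 3306 on the internet-facing policy type, and `mysql-wide` for a non-private source and an unplanned destination.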
General Bridge Gateway Creation Summary
| Phase | What to do |
|---|---|
| Planning and prerequisites | Assess network requirements, security policies, and required allow rules. |
| Gateway provisioning | Configure basic settings and review automatic network assignments. |
| Firewall configuration | Add explicit allow rules using least-privilege principles. |
| Validation and testing | Confirm the gateway works and only authorized traffic is permitted. |
Important Notes
- Bridge Gateway uses a deny-by-default security model.
- Firewall rule changes take effect immediately without service interruption.
- Contact technical support for complex multi-gateway architectures or compliance requirements.
Related Documentation
- Bare Metal Server User Guide
- Firewall Rules Reference