Skip to content

Bridge Gateway

Bridge Gateway provides network bridging through automated virtual switch provisioning. It is designed for hybrid cloud deployments that need controlled connectivity between bare metal systems and Virtual Data Center resources.

Introduction

Bridge Gateway removes the need for manual firewall management for every configuration change. It supports self-service provisioning and real-time firewall rule management while maintaining explicit traffic control.

Key Features

Area Feature Description
Network management Self-service firewall control Configure and modify firewall rules directly through Cloud Portal.
Network management Automated provisioning Deploy Bridge Gateways as VMs with preconfigured network settings.
Network management Traffic monitoring View traffic logs with filtering by IP, subnet, and time range.
Infrastructure integration Many-to-many architecture Connect multiple bare metal servers to multiple gateways.
Infrastructure integration Hybrid cloud bridging Integrate bare metal systems with VDC resources.
Infrastructure integration VPC integration Use Bridge Gateway with existing VPC configurations.
Security and compliance Firewall capabilities Configure allow rules, ports, and protocols with a deny-by-default model.
Security and compliance Network isolation Maintain separation between environments while allowing explicit connectivity.
Security and compliance Audit trail management Log configuration changes and traffic patterns.

Use Cases

Category Use cases
Infrastructure modernization Legacy system integration, hybrid cloud architecture, data center migration, and multi-cloud connectivity.
High-performance applications Mission-critical workloads, high-performance computing, database clustering, and real-time processing.
Compliance and security Regulated workloads, financial services, government applications, and enterprise systems.

Getting Started

The example scenario uses a development environment where a team needs to connect a legacy application on bare metal servers in Riyadh to cloud-based services, with HTTPS access and database connectivity.

Plan the Gateway

Before creating the gateway, identify:

  • Security requirements and explicit allow rules.
  • Network requirements, such as HTTPS on port 443 and database access on port 3306.
  • The target development environment.
  • Planned IP ranges for bare metal servers.
  • Required firewall rules.

You need an active tenant account with Bridge Gateway creation privileges and access to the target environment.

Create the Bridge Gateway

  1. Log in to Cloud Portal.
  2. Open Network.
  3. Open Bridge Gateways.
  4. Click Create.
  5. Fill in the required fields.
  6. Create the Bridge Gateway.
Field Example value
Region Riyadh
Environment A development environment
VPC SSA
Subnet A predefined subnet within the selected VPC

Review Network Configuration

After creation, review and record:

  • The selected subnet.
  • The assigned private IP address.
  • The virtual IP pool.
  • Any IP ranges required for future bare metal connections.

Tip

Check that the subnet does not conflict with existing infrastructure before using the gateway in a wider environment.

Configure Initial Firewall Rules

Open the Bridge Gateway details page and use the Firewall Rules tab to add explicit allow rules.

Example HTTPS rule:

Setting Value
Direction Incoming
Policy Type NET -> SSA
Sources 0.0.0.0/0 for development, or a specific public IP range for headquarters access
Destinations Gateway subnet
Services HTTPS, port 443
Description Allow HTTPS traffic from internet to development servers

Warning

Bridge Gateway uses a deny-by-default model. Add only the allow rules required for the traffic you intend to permit.

Configure Database Access

Example internal database rule:

Setting Value
Direction Incoming
Policy Type SSA -> SSA
Sources Application subnet range, for example 10.10.0.0/16
Destinations Database server IPs
Services MySQL, port 3306
Description Allow application servers to access MySQL database

If connecting to on-premises systems, use ON-PREM -> SSA as the policy type and enter the on-premises network range as the source.

Validate the Configuration

  1. Confirm that all allow rules appear in the firewall rules list.
  2. Check that rule parameters match the intended configuration.
  3. Confirm that policy types match the network architecture.

General Bridge Gateway Creation Summary

Phase What to do
Planning and prerequisites Assess network requirements, security policies, and required allow rules.
Gateway provisioning Configure basic settings and review automatic network assignments.
Firewall configuration Add explicit allow rules using least-privilege principles.
Validation and testing Confirm the gateway works and only authorized traffic is permitted.

Important Notes

  • Bridge Gateway uses a deny-by-default security model.
  • Firewall rule changes take effect immediately without service interruption.
  • Contact technical support for complex multi-gateway architectures or compliance requirements.
  • Bare Metal Server User Guide
  • Firewall Rules Reference