
BlastShield Documentation

About Endpoints

An endpoint is any IP-addressable device that is protected behind a BlastShield™ Gateway. Endpoints can be physically connected to a single gateway, or can be downstream from the gateway. The BlastShield™ Gateway is an in-line protection instance that connects endpoints to the BlastShield™ network. A Gateway is created by installing the BlastShield™ Gateway Instance on an x86 platform, cloud or virtual machine instance.

All Endpoints are configured on an associated Gateway, where the Gateway addresses each Endpoint by MAC address, by IP address (NAT) or by VLAN ID. Endpoints are added, removed and modified in the Orchestrator. Endpoint status information is logged and may be viewed on the Orchestrator or sent to a Syslog server.


Endpoint Addressing Types

At the time of registration, endpoints will be assigned an invisible IP address within the BlastShield™ network. This address will be invisible to the network underlay. In order to accommodate different network topologies, endpoints can communicate with the BlastShield™ network via three methods. These methods are called "Addressing Modes" and are assigned when a new gateway is installed. The different endpoint addressing modes are explained below.

Endpoint Microsegmentation

The BlastShield™ Gateway provides microsegmentation of Endpoints at the network layer and can therefore render protected Endpoints completely invisible to unauthorised users. BlastShield™ uses logical groups to define sets of microsegmented Endpoints. The groups can be used in policy to provide zero-trust microsegmented access. An Endpoint may be provisioned to multiple groups, and groups may contain Endpoints from multiple locations, allowing for very flexible policy creation.