
BlastShield Documentation

Create an Egress Policy

An Egress Policy is needed only when an endpoint behind a Gateway must reach the external network; endpoints that communicate solely through the Gateway need none.

Egress policies control external network access for endpoints that are isolated behind a Gateway. A policy grants an endpoint the specific outbound connections it needs, for example to download a software update or to synchronise time with an NTP server, while the rest of the external network stays unreachable.

Egress policies are configured in the Orchestrator's Egress Policy menu and are applied per endpoint group, where the groups themselves are defined in the Orchestrator Groups menu. Allowed destinations may be defined either by network prefix or by DNS name, and the policy may be narrowed further by specifying an allowed service, so that only the required destination and port are reachable. A policy can be enabled or disabled from the Orchestrator; if the external access is only needed temporarily (for an update, say), disable the policy again once the work is done rather than leaving the access open.

  1. From within the Orchestrator, select Egress Policies from the left Menu.

  2. Select the red "Add New Policy" icon.

  3. Enter a name for the new Policy.

  4. Check the Policy Enabled box to enable the policy and continue with the configuration.

  5. Select the endpoint Groups to be associated with the new Egress Policy in the Endpoint Groups dropdown box. Only endpoints in these groups receive the external access the policy grants.

  6. Select any optional Services groups to be associated with the new Policy in the Services dropdown box.

  7. If you want to allow external DNS queries in the policy, check the Allow all DNS queries box. This is broader than listing specific Allowed DNS Names (step 8), so use it only where the endpoint genuinely needs unrestricted name resolution.

  8. Specify the allowed destinations for the Egress Policy as required, using one or both of the following options:

    1. In the Allowed Prefixes box, define an allowed external network prefix (IP address and prefix length).

    2. In the Allowed DNS Names box, define an allowed external DNS name.

      1. To allow recursive DNS queries for that name, check the Recursive box.

  9. Click Save Changes to save the new Egress Policy.
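The steps above configure a policy by hand; the following is an added, self-contained model of the access decision such a policy expresses, useful for reasoning about what a given policy does and does not permit before saving it. It is not BlastShield code, and the page does not describe how the Gateway evaluates policies internally, so the semantics encoded here are assumptions: a default-deny stance, an empty Services list meaning "any service", "Recursive" meaning that subdomains of an Allowed DNS Name are also permitted, and "Allow all DNS queries" meaning DNS (port 53) to any destination. The policy name, group name, prefixes and DNS names are constructed sample data.

```python
# Added example: a model of the decision an Egress Policy expresses.
# Not BlastShield's implementation; the semantics below are assumptions
# drawn from the documented fields (enabled flag, endpoint groups,
# optional services, allowed prefixes, allowed DNS names, recursive flag).
import ipaddress
from dataclasses import dataclass


@dataclass
class EgressPolicy:
    name: str
    enabled: bool = True
    endpoint_groups: frozenset = frozenset()
    # (protocol, port) pairs. Assumption: an empty set means the policy
    # does not restrict the service, since the Services field is optional.
    services: frozenset = frozenset()
    # Assumption: "Allow all DNS queries" permits port 53 to any destination.
    allow_all_dns: bool = False
    allowed_prefixes: tuple = ()      # e.g. ("192.0.2.0/24",)
    # (dns_name, recursive). Assumption: recursive == subdomains also allowed.
    allowed_dns_names: tuple = ()

    def __post_init__(self):
        # Parse prefixes once so a malformed entry is rejected when the
        # policy is built, not silently ignored at decision time.
        self._nets = tuple(ipaddress.ip_network(p, strict=True)
                           for p in self.allowed_prefixes)

    def applies_to(self, group: str) -> bool:
        return self.enabled and group in self.endpoint_groups

    def service_allowed(self, proto: str, port: int) -> bool:
        return not self.services or (proto, port) in self.services

    def destination_allowed(self, dst_ip=None, dst_name=None) -> bool:
        if dst_ip is not None:
            addr = ipaddress.ip_address(dst_ip)
            if any(addr in net for net in self._nets):
                return True
        if dst_name is not None:
            host = dst_name.rstrip(".").lower()
            for name, recursive in self.allowed_dns_names:
                name = name.rstrip(".").lower()
                # Exact match always; suffix match only when recursive, and
                # only on a label boundary so "notpool.ntp.org" or
                # "pool.ntp.org.attacker.example" never match "pool.ntp.org".
                if host == name or (recursive and host.endswith("." + name)):
                    return True
        return False


def egress_allowed(policies, group, proto, port, dst_ip=None, dst_name=None) -> bool:
    """Default deny: permit only if an enabled policy for this group allows
    both the service and the destination (or all DNS, for port 53)."""
    for p in policies:
        if not p.applies_to(group):
            continue
        if p.allow_all_dns and port == 53 and proto in ("udp", "tcp"):
            return True
        if p.service_allowed(proto, port) and p.destination_allowed(dst_ip, dst_name):
            return True
    return False


def build_sample_policy(enabled=True, allow_all_dns=False) -> EgressPolicy:
    # Constructed sample: an "updates-and-ntp" policy for a hypothetical
    # "plc-west" endpoint group. Names and prefixes are documentation ranges.
    return EgressPolicy(
        name="updates-and-ntp",
        enabled=enabled,
        endpoint_groups=frozenset({"plc-west"}),
        services=frozenset({("udp", 123), ("tcp", 443)}),
        allow_all_dns=allow_all_dns,
        allowed_prefixes=("192.0.2.0/24",),
        allowed_dns_names=(("updates.example.com", False), ("pool.ntp.org", True)),
    )


if __name__ == "__main__":
    pol = [build_sample_policy()]
    checks = [
        ("plc-west", "udp", 123, None, "0.pool.ntp.org"),          # recursive name
        ("plc-west", "tcp", 443, "192.0.2.10", None),              # prefix
        ("plc-west", "tcp", 22, "192.0.2.10", None),               # wrong service
        ("plc-west", "tcp", 443, None, "cdn.updates.example.com"), # non-recursive name
        ("hmi-east", "tcp", 443, "192.0.2.10", None),              # group not covered
    ]
    for c in checks:
        print(c, "->", "ALLOW" if egress_allowed(pol, *c) else "DENY")
```

Running the sample shows the narrowing effect of each field: the same destination is denied when the service is not listed, a non-recursive DNS name does not cover its subdomains, and a group not named in the policy gets nothing, which is the behaviour to confirm against the real policy after saving it in the Orchestrator.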