I'm testing the remote VM (web server) to be inaccessible from any sources except NetFoundry.
I already tried the subnet, but the server is not able to respond; it shows a timeout, though it manages to detect the incoming request.
Is there missing info, like an additional IP that can be configured? Because I'm assuming the firewall info for setting up a firewall rule should be enough.
If I set the remote VM firewall to 0.0.0.0/0, then it can send a response to the client request.
Note that I'm configuring the VM on Google.
Update: I figured out that if I specify a non-NF IP (e.g. my own IP) in the firewall rule, the remote VM can send a response.
The ideal use case is that the remote VM does not process any request except via the Ziti environment.
The firewall information listed is for whitelisting IPs out of a network. Many users have restrictive exit policies and have to specifically allow the connections to the controller and routers, as they cannot be intercepted by HTTPS inspection systems for data loss prevention and other tools used in a lot of enterprise environments.
If you have a web server you want to allow only Ziti access to, you have a couple of options: you can place a Ziti Edge Tunneler (ZET) on the server and configure a service to be hosted by that tunneler; you can place an Edge Router on the same network as the web server and configure it there, served across the LAN; or you can use Caddy to serve the web server and configure it in the software.
You may want to review these videos as well. They are specific to a couple of environments, but regardless, they should help you get a good understanding of the various steps required for such a configuration. https://support.netfoundry.io/hc/en-us/articles/6650765671053-Getting-Started-with-NetFoundry-Video-guide-to-connect-app-on-AWS-from-an-on-prem-edge-router-and-an-endpoint
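The point of the reply above is that the listed NetFoundry IPs are for egress allow-listing, not for an ingress rule on the VM, and that with a hosted Ziti service the web ports need no public ingress rule at all. The script below is an added example (not from this thread, NetFoundry or OpenZiti) that audits a VM's VPC firewall rules for exactly the "open 80/443 to 0.0.0.0/0" workaround the question describes. It assumes the JSON shape produced by `gcloud compute firewall-rules list --format=json` (the `name`, `direction`, `sourceRanges`, `allowed`, `targetTags` and `disabled` fields); the rule sets and the 203.0.113.0/24 admin prefix are constructed for illustration.

```python
"""Audit GCP VPC firewall rules for ingress rules that expose a web
server's ports (80/443) to the whole internet.

Added example, not code from the thread or from NetFoundry/OpenZiti.
Assumes the JSON layout of `gcloud compute firewall-rules list --format=json`;
all rules below are constructed sample data.
"""
import ipaddress
import json

WEB_PORTS = {80, 443}

# Constructed: the "make it work" rule from the question plus two others.
SAMPLE_RULES_JSON = json.dumps([
    {   # web open to everyone: defeats the goal of Ziti-only access
        "name": "allow-web-anywhere",
        "direction": "INGRESS",
        "sourceRanges": ["0.0.0.0/0"],
        "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}],
        "targetTags": ["web"],
        "disabled": False,
    },
    {   # admin SSH from one constructed office prefix, not public
        "name": "allow-ssh-office",
        "direction": "INGRESS",
        "sourceRanges": ["203.0.113.0/24"],
        "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}],
        "targetTags": ["web"],
        "disabled": False,
    },
    {   # disabled rules never apply, so this one must not be flagged
        "name": "old-allow-all",
        "direction": "INGRESS",
        "sourceRanges": ["0.0.0.0/0"],
        "allowed": [{"IPProtocol": "all"}],
        "disabled": True,
    },
])

# Constructed: the intended end state once a tunneler hosts the site.
# No ingress rule for 80/443 exists; the tunneler dials out to the fabric.
HARDENED_RULES_JSON = json.dumps([
    {
        "name": "allow-ssh-office",
        "direction": "INGRESS",
        "sourceRanges": ["203.0.113.0/24"],
        "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}],
        "targetTags": ["web"],
        "disabled": False,
    },
])


def _port_set(spec):
    """Expand a GCP 'ports' list such as ["80", "8000-8010"] into ints.
    A missing 'ports' key means every port for that protocol (returns None)."""
    if "ports" not in spec:
        return None
    ports = set()
    for p in spec["ports"]:
        if "-" in p:
            lo, hi = p.split("-", 1)
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(p))
    return ports


def _is_public(cidr):
    """True when the source range covers the entire internet (v4 or v6)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_public_web_exposure(rules_json, web_ports=WEB_PORTS):
    """Names of enabled INGRESS rules allowing any web port from a /0 range."""
    flagged = []
    for rule in json.loads(rules_json):
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not any(_is_public(r) for r in rule.get("sourceRanges", [])):
            continue
        for spec in rule.get("allowed", []):
            if spec.get("IPProtocol", "").lower() not in ("tcp", "all"):
                continue
            ports = _port_set(spec)
            if ports is None or ports & set(web_ports):
                flagged.append(rule["name"])
                break
    return flagged


def ziti_only_verdict(rules_json):
    """'ziti-only' when no public web ingress exists, else the offending rules."""
    exposed = find_public_web_exposure(rules_json)
    if not exposed:
        return "ziti-only"
    return "publicly exposed via: " + ", ".join(exposed)


if __name__ == "__main__":
    print(ziti_only_verdict(SAMPLE_RULES_JSON))    # -> publicly exposed via: allow-web-anywhere
    print(ziti_only_verdict(HARDENED_RULES_JSON))  # -> ziti-only
```

Run it against real output by replacing the constructed JSON with the `gcloud` listing for the VM's network; with a ZET hosting the service, the web server can bind to 127.0.0.1 and the audit should report `ziti-only`, while the SSH rule stays scoped to the admin prefix rather than 0.0.0.0/0.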
Thank you! I appreciate the resources you provided. I was able to configure the server to only communicate via the OpenZiti network. Here's the video I created: Youtube Video