
Bridge Gateway

Introduction

 

The Bridge Gateway provides intelligent network bridging through automated virtual switch provisioning. This service eliminates manual firewall management to deliver self-service network control for hybrid cloud deployments.

Unlike traditional network gateways that require operations team involvement for every configuration change, our automated Bridge Gateway ensures instant provisioning and real-time rule management while maintaining enterprise-grade security and performance.

 

Key Features

 

Network Management

 

  • Self-Service Firewall Control: Configure and modify firewall rules directly through the Cloud Portal without tickets or delays
  • Automated Provisioning: Bridge Gateways deploy instantly as VMs with pre-configured network settings
  • Real-time Traffic Monitoring: View comprehensive traffic logs with filtering by IP, subnet, and time range

 

Infrastructure Integration

 

  • Many-to-Many Architecture: Connect multiple bare metal servers to multiple gateways for flexible network topologies
  • Hybrid Cloud Bridging: Seamlessly integrate legacy bare metal systems with Virtual Data Center (VDC) resources
  • VPC Integration: Native compatibility with existing Virtual Private Cloud configurations

 

Security and Compliance

 

  • Enterprise Firewall Capabilities: Granular traffic control with allow rules, port management, and protocol filtering using a deny-by-default security model
  • Network Isolation: Maintain strict separation between environments while enabling controlled connectivity through explicit allow rules
  • Audit Trail Management: Complete logging of all configuration changes and traffic patterns

 

Common Use Cases

 

Infrastructure Modernization

 

  • Legacy System Integration: Connect existing bare metal infrastructure to cloud services without hardware changes
  • Hybrid Cloud Architecture: Bridge physical and virtual environments for unified infrastructure management
  • Data Center Migration: Gradually migrate workloads while maintaining connectivity between old and new systems
  • Multi-Cloud Connectivity: Enable secure communication between different cloud environments and on-premises systems

 

High-Performance Applications

 

  • Mission-Critical Workloads: Provide dedicated network pathways for applications requiring bare metal performance
  • High-Performance Computing: Enable low-latency networking for GPU clusters and compute-intensive workloads
  • Database Clustering: Connect distributed database systems across bare metal and cloud infrastructure
  • Real-Time Processing: Support applications with strict latency requirements and high throughput needs

 

Compliance and Security

 

  • Regulated Workloads: Maintain network isolation while enabling controlled connectivity for compliance requirements
  • Financial Services: Meet strict security standards while enabling hybrid cloud operations
  • Government Applications: Satisfy security clearance requirements with controlled network segmentation
  • Enterprise Systems: Ensure regulatory compliance while connecting critical business systems to modern cloud platforms

 

Getting Started

 

Basic Bridge Gateway Setup for Development Environment

This example demonstrates creating your first Bridge Gateway for a development environment. You'll learn how to provision a gateway, configure basic firewall rules, and prepare for bare metal server connections while understanding the fundamental workflow.

 

Step 1: Prerequisites and Planning

 

Scenario: Your development team needs to connect a legacy application running on bare metal servers in Riyadh to cloud-based services. The application requires HTTPS access and database connectivity while maintaining security isolation from production systems.

 

Requirements Analysis:

  • Security Requirements: Define explicit allow rules for required traffic, leveraging the deny-by-default security model
  • Network Requirements: HTTPS (port 443) and database access (port 3306) from development subnet
  • Environment: Development environment with controlled access through explicit allow rules
  • Timeline: Immediate deployment needed for upcoming sprint work

 

Resource Requirements:

  • Active tenant account with Bridge Gateway creation privileges
  • Development environment access in target region
  • Planned IP address ranges for bare metal servers
  • Firewall rule requirements documented

 

Step 2: Create Bridge Gateway

  1. Navigate to Bridge Gateway Section
    1. Log into the Cloud Portal
    2. Navigate to Network > Bridge Gateways
    3. Verify you see the Bridge Gateways listing page with Create button
  2. Initiate Gateway Creation
    1. Click the Create button in the top-right corner
    2. Confirm you see the Bridge Gateway creation form
    3. Expected interface shows Region, Environment, VPC, and Subnet fields
  3. Configure Basic Settings
    1. Region: Select “Riyadh” from the dropdown menu
    2. Environment: Select any development environment from the dropdown menu
    3. VPC: Choose SSA VPC from available options
    4. Subnet: Select a predefined subnet within the selected VPC from the dropdown menu

 

Step 3: Review Network Configuration

  1. Verify Automatic Assignments
    1. Subnet Assignment: Choose an available subnet from the selected VPC
    2. Private IP: Note the assigned IP address after successfully creating the bridge gateway
    3. Virtual IP Pool: Review the allocated virtual IP range for future bare metal connections
    4. Expected format: Gateway receives private IP for management, pool shows list of available private IPs within the selected subnet.
  2. Validate Configuration
    1. Confirm all settings match your requirements
    2. Verify subnet doesn't conflict with existing infrastructure
    3. Document assigned IPs for future reference

 

Step 4: Submit Creation Request

  1. Final Review and Creation
    1. Review configuration summary
    2. Click Create Bridge Gateway button
    3. Monitor status indicator showing provisioning progress
  2. Validate Successful Creation
    1. Confirm gateway appears in Bridge Gateways listing
    2. Status shows as "Active" with green indicator
    3. Gateway details page accessible by clicking gateway name

 

Step 5: Configure Initial Firewall Rules

  1. Access Firewall Management
    1. Navigate to your newly created gateway details page
    2. Click Firewall Rules tab
    3. Verify you see empty rules list ready for configuration
  2. Create HTTPS Rule
    1. Click Add Rule button
    2. Direction: Incoming
    3. Policy Type: NET -> SSA (for public internet access)
    4. Sources: 0.0.0.0/0 (any source for development), or a specific public IP range of your headquarters (recommended)
    5. Destinations: Your gateway subnet
    6. Services: HTTPS (port 443) from predefined services list
    7. Description: “Allow HTTPS traffic from internet to development servers”

 

Step 6: Configure Database Access

  1. Create Internal Database Rule
    1. Direction: Incoming
    2. Policy Type: SSA -> SSA (internal network communication)
    3. Sources: Your application subnet range (e.g., 10.10.0.0/16)
    4. Destinations: Database server IPs
    5. Services: MySQL (port 3306) from predefined services list
    6. Description: “Allow application servers to access MySQL database”
  2. Configure On-Premises Connectivity
    1. Direction: Incoming
    2. Policy Type: ON-PREM -> SSA (if connecting to on-premises systems)
    3. Sources: On-premises network range
    4. Destinations: Database servers
    5. Services: Custom protocol/port if needed
    6. Description: "Allow on-premises systems to access cloud databases"

 

Step 7: Test and Validate Configuration

  1. Verify Rule Creation
    1. Confirm all allow rules appear in firewall rules list
    2. Check rule parameters match intended configuration
    3. Validate policy types correctly reflect network architecture
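
As an added example (not part of the Cloud Portal or its documentation), the Step 5 and Step 6 rules can be written down as data and checked offline alongside Step 7: the code evaluates flows under deny-by-default and flags sources that are wider than intended. The `AllowRule` class, the 10.20.0.x and test addresses, and the assumption that SSA -> SSA sources are private ranges are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AllowRule:              # hypothetical model of one portal rule
    policy_type: str          # "NET -> SSA", "SSA -> SSA", "ON-PREM -> SSA"
    sources: tuple            # CIDR strings
    destinations: tuple       # CIDR strings
    port: int
    description: str

# Constructed sample: Step 5 and Step 6 rules as data; 10.20.0.x is made up.
RULES = [
    AllowRule("NET -> SSA", ("0.0.0.0/0",), ("10.20.0.0/24",), 443,
              "Allow HTTPS traffic from internet to development servers"),
    AllowRule("SSA -> SSA", ("10.10.0.0/16",), ("10.20.0.50/32",), 3306,
              "Allow application servers to access MySQL database"),
]

def _within(ip, cidrs):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)

def is_allowed(rules, policy_type, src, dst, port):
    """Deny-by-default: a flow passes only if an allow rule matches it."""
    return any(r.policy_type == policy_type and r.port == port
               and _within(src, r.sources) and _within(dst, r.destinations)
               for r in rules)

def lint(rules):
    """Return (description, finding) pairs for rules wider than intended."""
    findings = []
    for r in rules:
        for net in map(ipaddress.ip_network, r.sources):
            if net.prefixlen == 0:
                findings.append((r.description, "source matches any address"))
            elif r.policy_type == "SSA -> SSA" and not net.is_private:
                findings.append((r.description, "internal rule, public source"))
    return findings

def mismatches(rules, expected):
    """expected maps (policy_type, src, dst, port) to the intended verdict."""
    return [f for f, want in expected.items() if is_allowed(rules, *f) != want]

EXPECTED = {  # constructed flows the team intends to pass or to be dropped
    ("NET -> SSA", "203.0.113.7", "10.20.0.10", 443): True,
    ("SSA -> SSA", "10.10.4.20", "10.20.0.50", 3306): True,
    ("NET -> SSA", "203.0.113.7", "10.20.0.50", 3306): False,  # DB not public
    ("SSA -> SSA", "10.30.0.9", "10.20.0.50", 3306): False,    # other subnet
}
```

`mismatches(RULES, EXPECTED)` returns an empty list when the rule set permits exactly the intended flows, and `lint(RULES)` reports the HTTPS rule because its source is 0.0.0.0/0 rather than the recommended headquarters range.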
       

General Bridge Gateway Creation Summary

 

For All Use Cases:

  1. Planning and Prerequisites - Assess network requirements, security policies, and define necessary allow rules for the deny-by-default architecture
  2. Gateway Provisioning - Configure basic settings and review automatic network assignments for accuracy
  3. Firewall Configuration - Implement explicit allow rules following least-privilege principles within the deny-by-default security model
  4. Validation and Testing - Confirm gateway functionality, verify only authorized traffic flows are permitted through allow rules

 

Important Notes:

  • Bridge Gateway uses a deny-by-default security model: configure allow rules only for required traffic
  • Firewall rule changes take effect immediately without service interruption
  • Contact technical support for assistance with complex multi-gateway architectures or compliance requirements

 


Updated at 2025-12-02