GCP Ingress

The Valtix Gateway is deployed in a VPC to protect internet-facing applications. The Gateway acts as a reverse proxy: users on the internet access the application via the Valtix Gateway, and you configure the backend destination (the original application) as a proxy target on the Gateway. Because it is a proxy, Valtix can decrypt TLS traffic and perform deep packet inspection. The proxied traffic to the backend/target can be sent as plain text HTTP, HTTPS, TCP or TLS.

  1. Navigate to Manage -> Gateways -> Gateways
  2. Click Add Gateway
  3. Select the GCP account previously created
  4. Click Next

    | Parameter | Description |
    | --- | --- |
    | Instance Type | Choose the type from the drop down |
    | Minimum Instances | Select the minimum number of instances that you plan to deploy. This is the minimum number of instances in each availability zone |
    | Maximum Instances | Select the maximum number of instances that you plan to deploy. This is the maximum number that is used for auto-scaling in each availability zone |
    | Health Check Port | Default 65534. Port number used by Valtix Load Balancer to check the health of the instances. Datapath security group assigned to the instances must allow traffic on this port. |
    | Gateway Image | Select the image from the dropdown |
    | Packet Capture Profile | Packet capture profile used to store PCAP files. Can be edited later |
    | Diagnostics Profile | Diagnostics profile used to store techsupport information. |
    | Log Profile | Profile to forward logs to Splunk, Datadog or Syslog |
  5. Click Next

    | Parameter | Description |
    | --- | --- |
    | Type | Ingress |
    | Policy Ruleset | Select an existing ruleset or choose to create new one |
    | Region | Region where the Gateway is deployed |
    | Service Account Email | Select the Gateway service account email. Ensure that the Service Account has the necessary IAM roles: "Secret Manager Secret Accessor" and "Storage Object Creator" |
    | Datapath VPC | Select the VPC to associate with the datapath interface of the Gateway |
    | Datapath Network Tag | The tag assigned to the network interface of the Gateway in the datapath VPC |
    | Management VPC | Select the VPC to associate with the management interface of the Gateway |
    | Management Network Tag | The tag assigned to the network interface of the Gateway in the management VPC |
  6. Select the Availability Zone, the Mgmt Subnet and the Datapath Subnet. The available subnets are based on the VPCs selected above. Gateways can be deployed into multiple Availability Zones by clicking the + icon.

  7. The Gateway deployment takes a few minutes to reach an Active state.
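
The two prerequisites in the tables above (the service account's IAM roles and the health check port being reachable on the datapath network tag) can be checked before deployment. The following is an added example, not Valtix code: it inspects the JSON that `gcloud projects get-iam-policy --format=json` and `gcloud compute firewall-rules list --format=json` return. It assumes the roles are granted at project level; the project, account, VPC and tag names are hypothetical.

```python
# Role IDs behind the two role names in the Service Account Email row.
REQUIRED_ROLES = {
    "roles/secretmanager.secretAccessor": "Secret Manager Secret Accessor",
    "roles/storage.objectCreator": "Storage Object Creator",
}

def missing_roles(policy, sa_email):
    """Names of required roles not bound to the service account at project level."""
    member = "serviceAccount:" + sa_email
    granted = {b["role"] for b in policy.get("bindings", [])
               if member in b.get("members", [])}
    return sorted(n for r, n in REQUIRED_ROLES.items() if r not in granted)

def _covers(ports, port):
    """GCP port specs look like "80" or "8000-9000"; no list means every port."""
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def health_port_allowed(rules, vpc, tag, port=65534):
    """True if an enabled ingress allow rule in `vpc` admits TCP `port` to `tag`.
    Deny rules and rule priorities are not evaluated (simplification)."""
    for r in rules:
        if r.get("disabled") or r.get("direction") != "INGRESS":
            continue
        if not r.get("network", "").endswith("/" + vpc):
            continue
        if r.get("targetServiceAccounts") or tag not in r.get("targetTags", [tag]):
            continue
        for a in r.get("allowed", []):
            if a.get("IPProtocol") in ("tcp", "all") and _covers(a.get("ports"), port):
                return True
    return False

# Constructed sample data (hypothetical names), shaped like the gcloud JSON output.
SA = "valtix-gw@example-project.iam.gserviceaccount.com"
NET = "projects/example-project/global/networks/datapath-vpc"
POLICY = {"bindings": [
    {"role": "roles/secretmanager.secretAccessor", "members": ["serviceAccount:" + SA]},
    {"role": "roles/storage.objectCreator", "members": ["user:admin@example.com"]}]}
RULES = [
    {"name": "allow-https", "direction": "INGRESS", "network": NET,
     "targetTags": ["valtix-datapath"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "allow-high", "direction": "INGRESS", "network": NET,
     "targetTags": ["other-tag"], "allowed": [{"IPProtocol": "tcp", "ports": ["65000-65535"]}]},
]
```

With the sample data, `missing_roles(POLICY, SA)` reports the Storage Object Creator role as missing and `health_port_allowed(RULES, "datapath-vpc", "valtix-datapath")` is false, because the only rule covering port 65534 targets a different tag.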