Twingate Connectors run in a Docker container with a base Linux OS. (The container is hosted on Docker Hub, making deployment straightforward.)

• If deploying on a Linux or Linux-compatible server or Virtual Machine, no special system privileges are required to run the container.
• If using a container service like AWS ECS, Azure Containers, or Google Cloud Containers, you need to ensure that both Internet egress-only is allowed and that network traffic is routable from the container to the desired subnet(s) that hold the target Resources.

For a new Connector to be successfully provisioned, keep the following requirements in mind:

• Outbound traffic to the Internet must be allowed. This allows the Connector to register itself with Twingate and provide a data path to Resources. Inbound traffic from the Internet is not required and not recommended for security reasons.
• Network traffic must be routable from the Connector host machine to Resources. Typically this means enabling traffic routing to one or more destination subnets.
• The Connector host must remain available. This host will serve as the local exit point for inbound traffic from authorized Twingate users and so it must always be available.