Twingate Connectors run in a Docker container with a base Linux OS. (The container is hosted on Docker Hub, making deployment straightforward.)
- If deploying on a Linux or Linux-compatible server or Virtual Machine, no special system privileges are required to run the container.
- If using a container service like AWS ECS, Azure Containers, or Google Cloud Containers, you need to ensure both that egress-only Internet access is allowed and that network traffic is routable from the container to the desired subnet(s) that hold the target Resources.
For a new Connector to be successfully provisioned, keep the following requirements in mind:
- Outbound traffic to the Internet must be allowed. This allows the Connector to register itself with Twingate and provide a data path to Resources. Inbound traffic from the Internet is not required and not recommended for security reasons.
- Network traffic must be routable from the Connector host machine to Resources. Typically this means enabling traffic routing to one or more destination subnets.
- The Connector host must remain available. This host will serve as the local exit point for inbound traffic from authorized Twingate users and so it must always be available.
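
The network requirements above can be checked against a host's firewall rules and routes before provisioning. This Python example is added here and is not Twingate code; the function name, input shapes and sample CIDRs are assumptions, Internet access is modelled as a default-route rule (`0.0.0.0/0` or `::/0`), and `routes` is assumed to list destinations reachable without the default route.

```python
import ipaddress

# Default-route CIDRs stand in for "the Internet" (assumption of this example).
INTERNET = (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0"))

def _nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def _covered(target, nets):
    # True when a network of the same IP version contains the whole target.
    return any(n.version == target.version and target.subnet_of(n) for n in nets)

def audit_connector_host(inbound, egress, routes, resource_subnets):
    """Return a list of findings; an empty list means every check passed.

    inbound / egress: CIDRs the host firewall allows in each direction.
    routes: destination CIDRs the host can reach, default route excluded.
    resource_subnets: CIDRs that hold the target Resources.
    """
    findings = []
    inbound_n, egress_n, routes_n = _nets(inbound), _nets(egress), _nets(routes)

    # Outbound traffic to the Internet must be allowed.
    if not any(n in INTERNET for n in egress_n):
        findings.append("egress: no rule allows outbound Internet traffic")

    # Inbound traffic from the Internet is not required and not recommended.
    for n in inbound_n:
        if n in INTERNET:
            findings.append(f"inbound: {n} exposes the host to the Internet")

    # Traffic must be routable from the host to every Resource subnet.
    for subnet in _nets(resource_subnets):
        if not _covered(subnet, routes_n):
            findings.append(f"routing: no route covers {subnet}")
        elif not _covered(subnet, egress_n):
            findings.append(f"egress: firewall blocks traffic to {subnet}")
    return findings

# Constructed sample: open inbound rule, and no route to 10.20.0.0/16.
SAMPLE = dict(inbound=["0.0.0.0/0"], egress=["0.0.0.0/0"],
              routes=["10.10.0.0/16"],
              resource_subnets=["10.10.4.0/24", "10.20.0.0/16"])

if __name__ == "__main__":
    for finding in audit_connector_host(**SAMPLE):
        print(finding)
```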
Updated 8 months ago