Provisioning a new Connector

Twingate Connectors run in a Docker container with a base Linux OS. (The container is hosted on Docker Hub, making deployment straightforward.)

  • If deploying on a Linux or Linux-compatible server or Virtual Machine, no special system privileges are required to run the container.
  • If using a container service like AWS ECS, Azure Containers, or Google Cloud Containers, you need to ensure that both Internet egress-only is allowed and that network traffic is routable from the container to the desired subnet(s) that hold the target Resources.

For a new Connector to be successfully provisioned, keep the following requirements in mind:

  • Outbound traffic to the Internet must be allowed. This allows the Connector to register itself with Twingate and provide a data path to Resources. Inbound traffic from the Internet is not required and not recommended for security reasons.
  • Network traffic must be routable from the Connector host machine to Resources. Typically this means enabling traffic routing to one or more destination subnets.
  • The Connector host must remain available. This host will serve as the local exit point for inbound traffic from authorized Twingate users and so it must always be available.

Updated 8 months ago

What's Next

Best Practices

Provisioning a new Connector

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.