4.5 Establishing Connections Between Gateways When Both Sides Are Firewalled

A unique feature of Corente Cloud Services Exchange is the ability to establish connections between gateways when each is assigned a private address behind a firewall. This setup occurs frequently in business-to-business connections, where business partners establish connections through their existing security infrastructures.

For each pair of gateways, at least one must be reachable inbound on TCP port 551, as well as on UDP port 551. Note that in a hub-and-spoke topology (a typical extranet design), only the hub location requires an inbound firewall port to be opened. In each remote spoke site, a gateway behind an unmodified firewall can initiate outbound TCP connections to the hub gateway that is behind the modified firewall.

A remote Corente Cloud Services Exchange IPSec Client can only initiate (not terminate) tunnels. Therefore, any associated gateways that are behind firewalls must have inbound port 551 requests assigned to them.
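The pairing rule and the client restriction above can be checked against a planned topology before any firewall change is requested. The following is an added example, not Oracle or Corente code; the endpoint names, the `Endpoint` class and the sample topology are constructed for illustration.

```python
from dataclasses import dataclass

PORT = 551  # the text requires this port inbound on both TCP and UDP

@dataclass(frozen=True)
class Endpoint:
    name: str
    kind: str = "gateway"      # "gateway" or "client" (IPSec Client, initiates only)
    inbound_tcp: bool = False  # firewall passes inbound TCP 551 to this endpoint
    inbound_udp: bool = False  # firewall passes inbound UDP 551 to this endpoint

    def can_terminate(self) -> bool:
        # Clients never terminate tunnels; gateways need both protocols inbound.
        return self.kind == "gateway" and self.inbound_tcp and self.inbound_udp

    def half_open(self) -> bool:
        # Only one of the two protocols is reachable: a firewall rule is missing.
        return self.kind == "gateway" and self.inbound_tcp != self.inbound_udp

def check_pairs(endpoints, pairs):
    """Return {(a, b): reason} for each planned pair that cannot connect."""
    by_name = {e.name: e for e in endpoints}
    problems = {}
    for a_name, b_name in pairs:
        a, b = by_name[a_name], by_name[b_name]
        if a.can_terminate() or b.can_terminate():
            continue  # at least one side accepts the inbound connection
        partial = [e.name for e in (a, b) if e.half_open()]
        if partial:
            problems[(a_name, b_name)] = (
                f"{', '.join(partial)} has only one of TCP/UDP {PORT} open inbound")
        else:
            problems[(a_name, b_name)] = f"neither side is reachable inbound on {PORT}"
    return problems

# Constructed sample topology: one hub, two spokes, a partner site, a remote client.
SAMPLE = [
    Endpoint("hub", inbound_tcp=True, inbound_udp=True),
    Endpoint("spoke1"),
    Endpoint("spoke2"),
    Endpoint("partner", inbound_tcp=True),  # UDP 551 rule missing
    Endpoint("laptop", kind="client"),
]
PLANNED = [("hub", "spoke1"), ("hub", "spoke2"), ("spoke1", "spoke2"),
           ("laptop", "hub"), ("laptop", "spoke1"), ("partner", "spoke2")]

if __name__ == "__main__":
    for pair, reason in check_pairs(SAMPLE, PLANNED).items():
        print(pair, "->", reason)
```

In the sample, the hub-to-spoke pairs pass with only the hub's firewall modified, while the spoke-to-spoke pair, the client-to-spoke pair and the partner pair with the missing UDP rule are reported.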