3.2 Corente Services Gateway Behind an Existing Firewall

Installing a Corente Services Gateway behind an existing firewall on a private address is the most secure method for deploying a gateway in conjunction with existing network infrastructure. In this configuration, the gateway can be located closest to the client systems it is protecting.

See Figure 3.3, “Network Deployment Using a Corente Services Gateway Behind a Firewall” for an example of this deployment.

Figure 3.3 Network Deployment Using a Corente Services Gateway Behind a Firewall

The image is a block graphic showing a typical network layout for a Corente Services Gateway deployment where the gateway is located behind an existing firewall.

Many customers use this configuration to securely connect individual LAN segments across wide areas, for example, connecting the finance department LAN in Chicago to the finance department LAN in Los Angeles. With this deployment, traffic is encrypted near the source instead of at the network demarcation point, so it is protected on the LAN as well as on other intervening networks.

Furthermore, by putting the gateway behind an existing firewall and using private addresses, the VPN gains the general benefits of NAT. The outside world has no visibility into the security of the VPN, since even the address of the VPN gateway is hidden from the public network.