External Networking Routing Rules

An overview of the Routing Rules policy for the Edges inside of the Byos network


Byos has a number of external network routing rule policy configurations that govern how the traffic moves between Byos Secure Edge microsegments, the internet, and the Secure Lobby Overlay itself.

Notion image

As a reminder, these policies can be applied to different groups, and all Byos Secure Edges in the group will receive the same policy.

Internet Access

This setting governs whether or not the Edges in the Group have access to the internet.

Secure Lobby Connection

This setting means the Edge will establish a connection to Secure Lobby as soon as it boots up.

Allow Outbound Access to Secure Lobby

This setting will allow bidirectional traffic between the Edge and Secure Lobby.

Route All Traffic through Secure Lobby

This setting routes all traffic (Internet and Management Console traffic) through the Overlay before reaching the internet.

This is the most secure configuration as no packets will touch the public internet before going through the controlled Byos Secure Lobby exit node.

Outbound Access to LAN

This setting allows the Assets inside the Edge’s microsegment to talk outbound to other devices on the LAN.

How will traffic flow in the network with different routing rule sets?

Scenario A: Internet + LAN Access

Notion image

Scenario B - Internet + Inbound SL + LAN

Notion image

Scenario C: Internet + Inbound & Outbound SL + LAN

Notion image

Scenario D: Full SL Routing to Internet + No Access to LAN

Notion image

Scenario E: No Internet + Full SL Routing + No Access to LAN

Notion image

Scenario F: No Internet + Inbound SL Routing + No Access to LAN

Notion image

Scenario G: No traffic allowed

Notion image
Did this answer your question?

Last updated on May 31, 2023