Transfer: XQ Zero Trust Data Protection Gateway - Part 2

Configuring Your First Gateway

Hello and welcome to XQ, this is the second part of a multi-part tutorial series on deploying and managing XQ’s Secure Gateway. In this video, we will cover configuring your first XQ Secure Gateway.

General Features

1. First, navigate to gateway.xqmsg.com and log in using a magic link or single sign-on.

2. Select the “Gateways” option in the left-hand side navigation menu and click the “Create Gateway” button.

3. Input a name for your gateway and click the create gateway button.

4. In the general features menu, input a Connection IP for the gateway - the connection IP will be the publicly accessible IP address of the gateway we are creating. The public IP is identified by navigating to https://www.whatsmyip.org/.

5. Additionally, you can optionally input “Tag(s),” which are used to easily identify the gateway, comma-separated local IPs, and select the gateway's logging level.

6. The “Is Private” toggle controls whether or not this configuration is viewable by other team members.

7. The server settings should remain the same unless you are currently utilizing your own backend deployment of XQ, in which case you will need to adjust the URLs to your corresponding deployment.

8. Click Next and begin creating and configuring your inbound routes.

Configuring Route(s)

1. Input a name for the inbound route, followed by the Routing Type.

2. Specify whether this route uses standard or raw transports and which Encryption Algorithm you would like to use.

3. Input the Listen IP for this specific route, for standard transports, 0.0.0.0 may be used to listen on all incoming interfaces. For raw transports omitting this value will listen to all the traffic on an interface.

4. Followed by Inputting the network port and listening interface.

5. Update the Key Recycling, Lifetime, and Lifetime Units according to your preferences - The Key Recycling field is the amount of time in seconds before a new key is utilized. The Lifetime and Lifetime Unites of a key impact the expiry time of the key policy.

6. Input a number for the number of concurrent connections permitted for this route, if you want to filter traffic based on a specific VLAN id, input that number into the VLAN Filter input.

7. Lastly, input the recipient gateway devices that can decrypt the outgoing transmission - this can be set to xq.public to allow all gateways to decrypt the traffic, or you can input specific devices in the format of Device_Name-Local_IP@Team_ID.trusted.local followed by clicking next.

Configuring Mapping(s)

1. Similar to the Route configuration, input a Title for the Output mapping as well as the transport type, and Protocol. 

2. If you want to specify the “Source Device” for this mapping, you can do so here.

3. Input the Target IP for this output mapping; this is the publicly accessible IP address of the destination gateway and the outgoing destination port, and click save.

Download(s)

1. Navigate to the download section by clicking on Download in the left-hand navigation pane.

2. Select the Ubuntu 22.04 LTS option in the Binary Platform dropdown menu, followed by selecting Generate new keys in the API keys dropdown menu.

3. Lastly, select your newly created Gateway Config from the dropdown menu, provide a name for your newly generated application keys, and click download now.

You are now ready to deploy your first Gateway.