SureAccess
SureAccess is a secure VPN solution that ensures seamless and controlled connectivity to internal resources for Windows, macOS/iOS, and Android devices. By enforcing organization-defined access policies, SureAccess provides a robust mechanism to secure network traffic while allowing flexibility for IT administrators to configure access based on device type and enterprise needs.
Deployment Options: Choosing Between FE-only and FE + BE Configurations
SureAccess provides flexible VPN deployment options to suit varying enterprise network requirements. Depending on your infrastructure and access control needs, you can choose between:
- FE-only configuration
- FE + BE configuration
The Front-End (FE) server is a required component in all SureAccess deployments. The Back-End (BE) server is optional and should be used only when internal/private resource access is needed.
FE-only Configuration
In an FE-only setup, device traffic is routed through the SureAccess cloud-based Front-End (FE) server. This option requires no additional server setup by the customer.
Recommended for:
- Organizations without internal or on-premise resources.
- Quick deployments with minimal infrastructure overhead.
- Secure access to internet-facing or cloud-based services.
FE + BE Configuration
In this model, the FE server continues to act as the initial access point. However, traffic destined for internal enterprise resources is further routed to a customer-hosted Back-End (BE) server.
Recommended for:
- Enterprises that require access to internal systems, such as file servers, intranet apps, or databases.
- Organizations with specific compliance, auditing, or data residency requirements.
- IT teams that need greater control over traffic flow and routing.
Follow the steps below for detailed instructions on setting up and configuring SureAccess to enable VPN functionality within your organization:
“SureAccess” requires an add-on license subscription and is available for Premium and Enterprise tiers. Contact our sales team at sales@42gears.com for licensing inquiries or trial licenses.
For FE-only Configuration, skip Step 2
For FE+BE Configuration, all the steps apply
Step 1: Enable and Configure SureAccess Settings
Navigate to Account Settings > Enterprise Integrations > SureAccess.
Check Enable SureAccess to activate the VPN functionality.
Enter the following configuration details:
- Enrollment PSK: This field will be auto-generated once the initial configuration is made. This key will be used during the installation of the SureAccess Gateway.
- Approx BE Gateways: Specify the approximate number of Back-End (BE) gateways. The default value is 2.
- Internal DNS Server: Enter the address of the internal DNS server. Multiple values can be entered.
- Allowed FQDN List: List the Fully Qualified Domain Names (FQDNs) allowed to access the VPN.
- Allowed CIDR List: Specify the Classless Inter-Domain Routing (CIDR) ranges allowed to access the VPN.
Under Advanced Settings, the optional settings below let you specify FQDNs, and the DNS server that resolves them, so that they are resolved locally without relying on the FE or the internet.
- Local FQDN List: Specify the Fully Qualified Domain Names (FQDNs) that should be resolved using the local DNS server.
- Local DNS Server: Enter the IP address of the DNS server to be used for resolving FQDNs listed in the Local FQDN List.
Click Save to apply these settings.
After a few minutes, the Status column in the Node Details tab will update to Running, indicating that the Front-End (FE) nodes have started successfully.
Step 2: Configure the SureAccess Gateway
Many organizations host critical resources, applications, or databases within their on-premises infrastructure. By utilizing a back-end server in a VPN setup, users can establish a secure connection to access these resources through a VPN tunnel.
- Access Node Details:
- Go to the Node Details tab to proceed with the gateway setup.
- Download and Install the SureAccess Gateway:
- Click Download SureAccess Gateway to download the installer. The downloaded file must be installed on the Linux machine that serves as the BE server, using the Enrollment PSK generated from the SureAccess tab.
- Set up the BE Node
- Log in to your Linux machine as an administrator.
- Run the SureAccess Gateway installer from the path where the file installer.tar.gz is placed.
Follow the on-screen instructions to complete the installation process:
- Enter the SureMDM URL, and press Enter.
- Enter your SureMDM Account ID, and press Enter.
- Copy the secret key of Enrollment PSK from the SureAccess tab, paste it on the Linux machine, and then press Enter.
- Enter a BE Node ID to register against an existing node. If you prefer not to specify a node ID at this point, leave it blank. The system will automatically select the one in the Not Started state.
- In the Enter the Type of Server prompt, enter BE.
- Enter the Replica Count as 1 or a number of your choice.
- A BE Node will be created.
- Enter the Network Mask and press Enter.
- Go back to the SureMDM Console’s Node Details tab and click on Refresh.
- You should see the BE Node in the Running state.
- Start/Stop the Gateway Node
- Select the node from the list and click Start Node/Stop Node to start or stop the SureAccess gateway.
- Your SureAccess Setup is now complete.
Step 3: Configure and Apply SureAccess Profile to Devices
- This feature is supported only for Android devices with SureMDM Agent version >= 27.35.35.
- This feature is supported only for Windows devices with SureMDM Agent version >= 5.26.0.
- Navigate to Profiles.
- Go to Profiles and select the required platform Android/macOS/iOS/Windows.
- Click Add
For Android, click Add > Google Play EMM API > Primary Profile, and configure the profile as described below:
- Configure VPN:
Select VPN payload and click Configure.
Check Enable SureAccess:
- Allowed CIDR List: Specify the allowed CIDR ranges for VPN access.
- Allowed FQDN List: Specify the allowed FQDNs for VPN access.
- Allowed Applications List: Select the applications allowed to operate within the SureAccess VPN. Applications other than the specified applications will be blocked.
- Blocked Applications List: Select the applications blocked from operating within the SureAccess VPN. Applications other than the specified applications will be allowed.
Save and Apply the Profile:
- Click Save to finalize the profile.
- Navigate to Home and select the desired device.
- Apply the SureAccess policy to the device.
- The SureAccess application will be installed and enabled on the device.
Your SureAccess VPN configuration is now complete and applied to the selected device(s). All traffic to the allowed FQDNs (Fully Qualified Domain Names) or CIDR (Classless Inter-Domain Routing) ranges will now be routed through the configured VPN.
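The Allowed CIDR List and Allowed FQDN List entered in Step 1 and in the Step 3 device profile decide which traffic is routed through the VPN, so it is worth checking the entries before saving them. The pre-flight check below is an added example, not part of SureAccess or its documentation; the /16 breadth threshold, the handling of wildcard entries (reported for manual review, since the page does not say whether they are accepted), and the sample values are assumptions.

```python
import ipaddress
import re

# Assumed local policy: IPv4 prefixes shorter than this are flagged as too broad.
MIN_PREFIX_V4 = 16
# One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def check_cidrs(entries):
    """Return (networks, findings) for a list of CIDR strings."""
    nets, findings = [], []
    for raw in entries:
        try:
            # strict=True rejects entries with host bits set (e.g. 192.168.1.10/24).
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            findings.append(f"invalid CIDR {raw!r}: {exc}")
            continue
        if net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            findings.append(f"too broad: {net}")
        nets.append(net)
    # An entry already covered by a wider entry is redundant and hides intent.
    for a in nets:
        for b in nets:
            if a != b and a.version == b.version and a.subnet_of(b):
                findings.append(f"redundant: {a} is inside {b}")
    return nets, findings

def check_fqdns(entries):
    """Return findings for a list of FQDN strings."""
    findings, seen = [], set()
    for raw in entries:
        name = raw.strip().rstrip(".").lower()
        if name in seen:
            findings.append(f"duplicate FQDN {name!r}")
        seen.add(name)
        labels = name.split(".")
        if "*" in name:
            findings.append(f"wildcard needs manual review: {name!r}")
        elif len(name) > 253 or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
            findings.append(f"not a valid FQDN: {name!r}")
    return findings

# Constructed sample input (private ranges and example.com names only).
SAMPLE_CIDRS = ["10.20.0.0/16", "10.20.30.0/24", "10.0.0.0/8", "192.168.1.10/24"]
SAMPLE_FQDNS = ["intranet.example.com", "Intranet.example.com.", "*.example.com", "fileserver"]

if __name__ == "__main__":
    for line in check_cidrs(SAMPLE_CIDRS)[1] + check_fqdns(SAMPLE_FQDNS):
        print(line)
```

An empty findings list means every entry parsed cleanly and none exceeded the assumed breadth threshold; it says nothing about whether the listed resources should be reachable in the first place.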