To install Microsoft Tunnel Gateway, you’ll need at least one Linux server with Docker installed, which runs either on-premises or in the cloud. Depending on your environment and infrastructure, additional configurations and software like Azure ExpressRoute might be needed.

Before you start installation, be sure to complete the following tasks:

- Review and Configure prerequisites for Microsoft Tunnel.
- Run the Microsoft Tunnel readiness tool to confirm your environment is ready to support use of the tunnel.

After your prerequisites are ready, return to this article to begin installation and configuration of the tunnel.

Use of a Server configuration lets you create a configuration a single time and have that configuration used by multiple servers. The configuration includes IP address ranges, DNS servers, and split-tunneling rules. Later, you’ll assign a Server configuration to a Site, which automatically applies that configuration to each server that joins that Site.

1. Sign in to Microsoft Intune admin center > Tenant administration > Microsoft Tunnel Gateway > select the Server configurations tab > Create new.
2. On the Basics tab, enter a Name and Description (optional) and select Next.
3. On the Settings tab, configure the following items:
   - IP address range: IP addresses within this range are leased to devices when they connect to Tunnel Gateway. The Tunnel Client IP address range specified must not conflict with an on-premises network range.
     - Consider using the Automatic Private IP Addressing (APIPA) range of 169.254.0.0/16, as this range avoids conflicts with other corporate networks.
     - If the client IP address range conflicts with the destination, it will loop back and fail to communicate with the corporate network.
     - You can select any client IP address range you want to use if it doesn't conflict with your corporate network IP address ranges.
   - Server port: Enter the port that the server listens to for connections.
   - DNS servers: These servers are used when a DNS request comes from a device that's connected to Tunnel Gateway.
   - DNS suffix search (optional): This domain is provided to clients as the default domain when they connect to Tunnel Gateway.
   - Disable UDP Connections (optional): When selected, clients only connect to the VPN server using TCP connections. Because the standalone tunnel client requires use of UDP, only select the checkbox to disable UDP connections after you’ve configured your devices to use Microsoft Defender for Endpoint as the tunnel client app.
4. Also on the Settings tab, configure Split tunneling rules, which are optional. Included addresses are routed to Tunnel Gateway. Excluded addresses aren’t routed to Tunnel Gateway. Use the following options to include or exclude addresses:

By default, each VPN session will stay active for only 3,600 seconds (one hour) before it disconnects (a new session will be established immediately in case the client is set to use Always On VPN). However, you can modify the session timeout value along with other server configuration settings using graph calls (microsoftTunnelConfiguration).

Sites are logical groups of servers that host Microsoft Tunnel. You’ll assign a Server configuration to each Site you create.
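The rule that the Tunnel client IP address range must not conflict with on-premises ranges or with destinations routed through the tunnel can be checked before the Server configuration is saved. This is an added example, not code from the original page or from Microsoft; the function name `check_client_range` and every sample range are assumptions constructed for illustration.

```python
import ipaddress

# APIPA range the page suggests for the Tunnel client address pool.
APIPA = ipaddress.ip_network("169.254.0.0/16")


def check_client_range(client_range, on_prem_ranges, included_routes=()):
    """Check a proposed Tunnel client IP range (hypothetical helper).

    Returns {"conflicts": [(kind, cidr), ...], "in_apipa": bool}.
    Raises ValueError if client_range is not a valid network,
    for example when host bits are set ("10.0.0.5/24").
    """
    client = ipaddress.ip_network(client_range, strict=True)
    conflicts = []
    checks = (("on-premises", on_prem_ranges),
              ("split-tunnel include", included_routes))
    for kind, ranges in checks:
        for cidr in ranges:
            net = ipaddress.ip_network(cidr, strict=False)
            # overlaps() is True when either network contains part of the
            # other, so a pool inside a corporate subnet and a pool that
            # swallows a corporate subnet are both reported.
            if net.version == client.version and client.overlaps(net):
                conflicts.append((kind, str(net)))
    in_apipa = client.version == 4 and client.subnet_of(APIPA)
    return {"conflicts": conflicts, "in_apipa": in_apipa}


if __name__ == "__main__":
    # Constructed sample values, not taken from any real environment.
    on_prem = ["10.0.0.0/8", "192.168.10.0/24"]
    includes = ["10.20.0.0/16"]
    for candidate in ("169.254.0.0/16", "10.20.30.0/24", "192.168.0.0/16"):
        result = check_client_range(candidate, on_prem, includes)
        status = "CONFLICT" if result["conflicts"] else "ok"
        print(f"{candidate:18} {status:9} apipa={result['in_apipa']} "
              f"{result['conflicts']}")
```

A range outside APIPA that passes today needs the same check again whenever a corporate subnet or an included split-tunnel route is added.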