Connection modes

Transparent

In transparent mode, users connect to destination server using given server’s IP address.

../../_images/deployment_transparent.png

Gateway

In gateway mode, users connect to destination server using the server’s actual IP address. Wheel Fudo PAM mediates connection with the server using own IP address. This ensures that the traffic from the server to the user goes through Wheel Fudo PAM.

../../_images/deployment_gateway.png

Proxy

In proxy mode, administrator connects to destination server using combination of Wheel Fudo PAM IP address and unique port number assigned to given server. Uniqueness of this combination enables establishing connection with a particular resource.

../../_images/deployment_proxy.png

Such approach enables concealing actual IP addressing and allows configuring servers to only accept requests sent from Wheel Fudo PAM.

Bastion

In bastion mode, the account on the target host is specified within the string identifying the user, e.g. ssh john_smith#admin@10.0.0.8. This enables facilitating access to a group of monitored servers through the same IP address and port number combination.

../../_images/deployment_bastion.png

Note

  • The bastion mode is supported when connecting over SSH, RDP, VNC, Telnet or Telnet 3270 protocols.
  • In case the specified account is not found, Wheel Fudo PAM will try to match the name with a server object.

Related topics: