Review and Configure prerequisites for Microsoft Tunnel. Run the Microsoft Tunnel readiness tool to confirm your environment is ready to support use of the tunnel. After your prerequisites are ready, return to this article to begin installation and configuration of the tunnel.

Use of a Server configuration lets you create a configuration a single time and have that configuration used by multiple servers. The configuration includes IP address ranges, DNS servers, and split-tunneling rules. Later, you’ll assign a Server configuration to a Site, which automatically applies that configuration to each server that joins that Site.

Sign in to Microsoft Endpoint Manager admin center > Tenant administration > Microsoft Tunnel Gateway > select the Server configurations tab > Create new.

On the Basics tab, enter a Name and Description (optional) and select Next.

On the Settings tab, configure the following items:

- IP address range: IP addresses within this range are leased to devices when they connect to Tunnel Gateway. The Tunnel Client IP address range specified must not conflict with an on-premises network range.
  - Consider using the Automatic Private IP Addressing (APIPA) range of 169.254.0.0/16, as this range avoids conflicts with other corporate networks.
  - If the client IP address range conflicts with the destination, it will loopback and fail to communicate with the corporate network.
  - You can select any client IP address range you want to use if it doesn't conflict with your corporate network IP address ranges.
- Server port: Enter the port that the server listens to for connections.
- DNS servers: These servers are used when a DNS request comes from a device that's connected to Tunnel Gateway.
- DNS suffix search (optional): This domain is provided to clients as the default domain when they connect to Tunnel Gateway.
- Disable UDP Connections (optional): When selected, clients only connect to the VPN server using TCP connections. Because the standalone tunnel client requires use of UDP, only select the checkbox to disable UDP connections after you’ve configured your devices to use Microsoft Defender for Endpoint as the tunnel client app.

Also on the Settings tab, configure Split tunneling rules, which are optional. Use the following options to include or exclude addresses:

- Included addresses are routed to Tunnel Gateway.
- Excluded addresses aren’t routed to Tunnel Gateway.

On the Review + create tab, review the configuration, and then select Create to save it.

Sites are logical groups of servers that host Microsoft Tunnel. You’ll assign a Server configuration to each Site you create. That configuration is applied to each server that joins the Site.

Sign in to Microsoft Endpoint Manager admin center > Tenant administration > Microsoft Tunnel Gateway > select the Sites tab > Create.

On the Create a site pane, specify the following properties:

- Public IP address or FQDN: Specify a public IP address or FQDN, which is the connection point for devices that use the tunnel. This IP address or FQDN can identify an individual server or a load-balancing server. The IP address or FQDN must be resolvable in public DNS and the resolved IP address must be publicly routable.
- Server configuration: Use the drop-down to select a server configuration to associate with this Site.
- URL for internal network access check: Specify an HTTP or HTTPS URL for a location on your internal network. Every five minutes, each server that's assigned to this site will attempt to access the URL to confirm that it can access your internal network. Servers report the status of this check as Internal network accessibility on the servers Health check tab.
- Automatically upgrade servers at this site: If Yes, servers upgrade automatically when an upgrade is available. If No, upgrade is manual and an administrator must approve an upgrade before it can start.

For more information, see Upgrade Microsoft Tunnel.
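The IP address range guidance above can be checked before a value is entered in the Server configuration. The following is an added example, not part of the original article or of Microsoft's tooling: it tests candidate client ranges for overlap with on-premises ranges and reports whether each sits inside the APIPA block. The corporate ranges, the candidate list and all function names are constructed for illustration.

```python
import ipaddress

# The range the article suggests considering for tunnel clients.
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample data: on-premises / destination ranges (not from the article).
CORPORATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.10.0/24"]
# Constructed candidate client ranges, in order of preference.
CANDIDATES = ["10.20.0.0/16", "192.168.10.128/25", "169.254.0.0/16"]


def conflicts(client_range, destination_ranges):
    """Return the destination networks that overlap the proposed client range."""
    # strict=True rejects a range typed with host bits set, e.g. 10.20.0.1/16.
    client = ipaddress.ip_network(client_range, strict=True)
    hits = []
    for text in destination_ranges:
        net = ipaddress.ip_network(text, strict=False)
        # Only same-family networks can overlap (IPv4 vs IPv4, IPv6 vs IPv6).
        if net.version == client.version and client.overlaps(net):
            hits.append(net)
    return hits


def pick_client_range(candidates, destination_ranges):
    """Return the first candidate with no overlap, or None if all conflict."""
    for text in candidates:
        if not conflicts(text, destination_ranges):
            return ipaddress.ip_network(text)
    return None


def in_apipa(client_range):
    """True when the whole proposed range sits inside 169.254.0.0/16."""
    return ipaddress.ip_network(client_range).subnet_of(APIPA)


if __name__ == "__main__":
    for candidate in CANDIDATES:
        found = conflicts(candidate, CORPORATE_RANGES)
        status = "conflicts with " + ", ".join(map(str, found)) if found else "no conflict"
        print(f"{candidate}: {status} (APIPA: {in_apipa(candidate)})")
    print("selected:", pick_client_range(CANDIDATES, CORPORATE_RANGES))
```

Passing the split-tunneling included addresses as additional destination ranges extends the same check to routes that are sent through Tunnel Gateway.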