Cloud applications tend to use external public API’s. It can be difficult to control what is, and what is not, allowed to egress. Couple that with the transitional problems: external firewalls want fixed inbound IP rules, but the cloud has no fixed IP’s. You have a challenge. We have the solution. 


Kubernetes and public cloud can have 3 levels of address translation. The inbound load balancer does NAT. The Ingress does proxy. The sidecar does NAT. By the time a packet arrives at your service the source IP is itself. Learn how you can fix this without needing offline correlation of flows, making your existing audit and firewall rules work.

SSH. Secure. Over HTTPS.

Working from an airport or cafe WiFi that only allows HTTPS? Need to SSH to a host? Or maybe your corporate firewall doesn’t allow SSH.

Want to securely egress SSH from a Pod in Kubernetes but still have HTTPS inspection?

See how our gateway works. The SSH is end-to-end encrypted with no loss of security, and the convenience of HTTP in the middle.


SMTP. Secure Relay

Just installed Nagios or some other Unix-native tool that expects to be able to send email via SMTP? Does it need to vary the ‘from’ address? And you’ve installed it in the public cloud so you have no ‘whitelist’ IP to give your sysadmin to allow for open-relay on your external corporate email server? Have no fear. We can fix that, giving you a fixed IP with strong encryption and authentication, with no changes to your software or config. JWT + HTTPS + WebSocket.