Intranet node
An Intranet node is a generalization of the Internet node, and provides an additional synthetic device to connect separate sites (or local networks).
This is useful if a subset of sites is connected via intranet connections and another subset via internet connections. Using both internet and intranet nodes in a snapshot provides distinct devices that route paths between the sites.
The main features of an Intranet node are:
- Can be connected to one or many sites and will contain the subnet(s) of the site(s) it connects to.
- Can route public and/or private addresses.
- There can be multiple Intranet nodes in a Snapshot.
- Requires a user-provided device name.
An Intranet node can be added via the Forward Enterprise GUI or the Forward Enterprise REST APIs.
The parameters needed to add an Intranet node are the same as the ones for adding an Internet node.
A key difference with the Internet node is that public subnets not belonging to any site will NOT be located at any Intranet node.
Changes to the Intranet node will be applied to the next collected snapshot.
BGP advertisements to eBGP peers will be collected from gateway devices connected to an Intranet node that use ** BGP_ROUTES** subnet auto-discovery. For instructions on manually configuring or disabling collection of BGP advertisements, see the BGP Advertisement Configuration page.
Adding an Intranet node via the Forward Enterprise GUI
To add the Intranet node via the Forward Enterprise GUI, navigate to the Sources page, select the Synthetic devices tab, and click on Add synthetic device.
The wizard will guide you through the entire setup process.
Step 1: Select a device type
Select Intranet node from the list of synthetic devices available and click on Next.
Step 2: Configure the Intranet node
Provide a name and location. To configure one or more Connections, select + Add connections and choose one of the following options:
- Batch-add NQE-based connections
- Add a connection manually.
Batch-add NQE based connections
To add connections based on an NQE query, select Batch-add connections based on NQE query from the NQE query dropdown and select an existing NQE query to add.
To create a new query, click + Add new query from example, which will navigate to the NQE Library. Edit the new query in the NQE editor and commit it when finished. Return to the Synthetic Devices page to add the NQE query.
-
When an NQE query attached to an intranet node is modified, the system recomputes and saves the dynamic connections. These changes take effect in the next processed snapshot.
-
Upon processing a new snapshot, the system recalculates the results for all NQE queries linked to existing intranet nodes and updates the dynamic connections. These updates apply to the next processed snapshot.
Add a connection manually
To manually add a connection, select Add a connection manually, and provide the following:
- Uplink interface: Physical port connected to the synthetic device.
- VLAN (optional): VLAN for traffic leaving the uplink interface.
- Gateway interface (optional): Last L3 interface routing traffic to this synthetic device (defaults to the uplink interface with VLAN if not specified).
- Connection name (optional): Name for the connection.
- Site (optional): Select the site to which the connection belongs.
- Subnet auto-discovery: Select how site subnets are automatically inferred:
- Off: Site subnets are not inferred and must be manually entered in the "Subnets" field
- From IP routes: Site subnets are inferred from all routes in the connected gateway’s routing table
- From BGP routes: Site subnets are inferred only from BGP routes in the connected gateway’s routing table
- Use interface addresses: Use only the connection gateway’s interface addresses are used as site subnets.
- Backdoor ports (optional): Specify any additional backdoor ports.
Step 3: Edit and Review Connections
Added connection types are displayed within the table and include the following options:
Manage NQE based connections
- Change the query: Opens the Edit NQE based connections drawer to change the currently selected query.
- Delete all Deletes all NQE based connections.
+ Add Connections
- Batch-add NQE based connections: Click this option to add an NQE-based query to batch-add connections. Only one NQE query can be selected at a time, to include additional connections, edit the existing NQE query.
- Add a connection manually: Select this option to add a connection manually.
Editing manually added connections: To edit a connection, select the edit icon at the end of each row.
Deleting manually added connections: To delete a manually added connection, select the delete icon at the end of each row.
Select Save when ready.
Managing Intranet nodes
You can edit or delete an Intranet node by clicking on the Edit or Delete icon on the right side of the Synthetic devices page.
Newly added Intranet nodes, or any change to existing Intranet node, will be shown in the next collected snapshot:
Add an Intranet node via the Forward Enterprise REST APIs
An Intranet node can be added via the Forward Enterprise REST APIs via the endpoint
PUT: /api/snapshots/{snapshotId}/intranetnodes/{nodeName}.
Here is an example of the request body:
{
"intranetnodes": [
{
"name": "intranet",
"locationId": "8",
"connections": [
{
"gatewayPort": {
"device": "atl-fw01",
"port": "gi0/3"
},
"uplinkPort": {
"device": "atl-ce01",
"port": "ge-0/0/9"
},
"vlan": 100,
"name": "atl0/0",
"site": "atl",
"subnets": [
"123.223.47.0/24"
],
"subnetAutoDiscovery": "IP_ROUTES",
"peerIps": [
"1.1.1.1"
]
}
]
}
]
}
For more info on Intranet node APIs, including endpoints to add/remove connections and remove an Intranet node, please check the Synthetic Devices REST API docs.