Reference Architectures for the Access Gate.
A library of validated network topologies for deploying the Trout Access Gate in real environments. Each architecture covers base topology, traffic flows, and key configuration points.
Single Gateway Architecture.
Deploy the Access Gate in-line so it carries your VLANs and trunks and acts as the gateway, for the fullest coverage. Or deploy it alongside your existing gateway (Firewall & Router) as the low-impact option. Both add zero-trust enforcement.
View ArchitectureDouble Gateway IT & OT. Defense In-Depth.
Extend protection into both IT and OT domains using two coverage modes. Granular traffic control for north-south and east-west flows.
View ArchitectureMulti-Site. Distributed Deployments
Connect multiple facilities over secure tunnels. Extend enclaves between sites automatically.
View ArchitectureSecure Remote Access. Tailscale + Access Gate.
PAM-grade remote access with Tailscale encrypted tunnels and Access Gate session brokering. MFA, micro-segmentation, and full audit trail.
View ArchitectureBuilt for Real Industrial Networks.
Every architecture is designed around the constraints of operational environments. No downtime, no agents, and you choose the footprint: full in-line carry for the widest coverage, or low-impact adjacent.
Flexible Deployment
Deployed in-line, the Access Gate can carry your VLANs and trunks and act as the machines' gateway, for the fullest coverage and control, even on sites without managed switches. Prefer minimal impact? It also deploys adjacent via routes and DNS, with no VLAN changes. Both are fully supported.
Traffic Flow Coverage
Each architecture documents north-south (VPN ingress) and east-west (lateral) flows, so you know exactly how traffic moves and where enforcement happens.
Incremental Adoption
Start with OT-only coverage and extend to IT. Or deploy single-site and expand to multi-site. Each architecture is a stepping stone, not a full replacement.
Multi-Site Ready
The multi-site architecture shows how enclaves extend across WAN links, giving you unified policy and visibility without a central cloud dependency.
Configuration Guidance
Every diagram includes key configuration points: what to connect, how to route traffic, and which policies to apply at the Access Gate level.
Software VNF, Services Platform
The Access Gate is software: a VNF (virtualized network function) that runs as a VM on x86 hardware you already own. Security is decoupled from proprietary hardware, so the same host also runs the secure services that pull OT in: remote access, protocol gateways, DNS and time, file sharing, historian and dashboards, and an update server. It is a platform, not just an appliance.
Latest from Trout Software.
TAG Reference Architectures
A library of validated network topologies for deploying the Trout Access Gate in real environments. Each architecture covers base topology, traffic flows, and key configuration points.

