Overlay Networks Explained:
How Software-Defined Security Works in Industrial Networks

One of the first questions we hear when presenting Access Gate to IT professionals is "really, how does your overlay network work?"

Being able to migrate assets into a secured network without rewiring is appealing. It might also sound a bit like magic, or like marketing oversell.


The reality is much simpler, and relies on very standard IP network facilities (namely routing and bidirectional NAT). Let’s demystify how this works, and, if you are interested in installing Access Gate to secure your site, our team is just a click away.

Step 1: Traditional Industrial Network

VLANs offered a solution for basic network segmentation, but they have become a bottleneck in modern industrial environments where flexibility and visibility are critical for operational security.

  • Inflexible broadcast boundaries: each VLAN is tied to a fixed-size subnet, so sizing is all-or-nothing; some VLANs end up crowded with devices while others sit largely empty, wasting address space.

  • Security blind spots: devices in the same VLAN talk to each other directly through the switch, so those flows never reach the central firewall or the monitoring infrastructure and are invisible to both.

  • Operational overhead: every network change demands manual VLAN reconfiguration, and broadcast traffic can destabilize industrial devices that were never designed to handle high-volume network chatter.

Step 2: Deploy Trout Access Gate

The overlay network assigns an overlay address to every device, breaking free from VLAN broadcast-domain limitations and eliminating the manual configuration that traditional segmentation requires.

  • Dynamic overlay creation: establishes a virtual address space (for example 100.64.0.0/16, a slice of the RFC 6598 shared address range, chosen so it will not collide with the site's existing private subnets) that grows as devices are enrolled, without the sizing constraints that plague VLAN subnets.

  • Transparent gateway intelligence: the gateway sits between the existing physical VLANs and the overlay, routing between the two domains and translating addresses in both directions (bidirectional NAT), so each device only ever sees its peers through their overlay addresses.

  • Zero-touch device integration: the industrial asset keeps its physical address and configuration. DNS answers lookups with the peer's overlay address, the asset's existing route sends that traffic to the gateway, and the gateway maps overlay to physical addresses on the way through.

Step 3: Secure Overlay Communications

Once assets are on the overlay, every flow passes through an Access Gate acting as a middlebox, which is where authentication, encryption, and visibility are applied, with no change to the physical infrastructure.

  • Centralized security enforcement: all traffic routes through an Access Gate, which authenticates peers, applies access control per flow, and monitors industrial communications in real time.

  • Zero-downtime migration path: assets can be moved to the overlay one at a time, without service interruptions or rewiring, because each asset keeps its physical address and only its peers' DNS answers change.

Step 4: Lock Down the Underlay

Locking down the underlay turns the physical infrastructure into a controlled substrate. With port isolation and targeted firewall rules in place, the only traffic that can flow on the underlying network is traffic to or from an Access Gate.

  • Switch-level isolation: enable port isolation (protected ports or private VLANs) so that devices on the same switch cannot reach each other directly; each isolated port can only exchange frames with the gateway's unprotected port. This is a logical barrier enforced by the switch, not a physical one, so it must be verified on every access switch.

  • Gateway-only traffic policies: deploy stateful firewall rules that permit only traffic to and from Access Gate, making it the single point of network entry and control.

  • Zero-trust architecture: every communication must traverse the monitored overlay, which closes the unmonitored device-to-device paths that a flat VLAN allowed. The caveat is that this holds only once isolation and the firewall rules are actually in force; the overlay alone does not stop a device that still has a working path to a neighbour's physical address.
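To make the four steps concrete, here is an added, self-contained simulation of the mechanism the post describes: overlay DNS, 1:1 bidirectional NAT at the gateway, a stateful per-flow allow-list, and an underlay where only the gateway's port is unprotected. It is illustrative code written for this page, not Access Gate's implementation; the address plan (100.64.0.0/16 overlay, 192.168.10.0/24 underlay), the hostnames, the "next free host address" enrolment rule and the policy pairs are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str


class OverlayGateway:
    """Toy overlay gateway: overlay DNS, 1:1 bidirectional NAT and a stateful
    allow-list. Constructed illustration, not a vendor implementation."""

    def __init__(self, overlay_cidr="100.64.0.0/16", gateway_ip="192.168.10.1"):
        self.overlay = ipaddress.ip_network(overlay_cidr)
        self.gateway_ip = gateway_ip
        self.next_host = 2            # .0 is the network address, .1 kept for the gateway
        self.overlay_of = {}          # physical ip -> overlay ip
        self.physical_of = {}         # overlay ip -> physical ip
        self.name_of = {}             # overlay ip -> hostname
        self.address_of = {}          # hostname -> overlay ip
        self.policy = set()           # allowed (initiator hostname, responder hostname)
        self.flows = set()            # established (src overlay ip, dst overlay ip)
        self.audit = []               # (verdict, detail, packet) for every packet seen

    def enroll(self, hostname, physical_ip):
        """Assign the next free overlay address; the device itself is untouched."""
        overlay_ip = str(self.overlay.network_address + self.next_host)
        self.next_host += 1
        self.overlay_of[physical_ip] = overlay_ip
        self.physical_of[overlay_ip] = physical_ip
        self.name_of[overlay_ip] = hostname
        self.address_of[hostname] = overlay_ip
        return overlay_ip

    def resolve(self, hostname):
        """Overlay DNS: clients learn the overlay address, never the physical one."""
        return self.address_of[hostname]

    def allow(self, initiator, responder):
        self.policy.add((initiator, responder))

    def forward(self, pkt):
        """Translate and police a packet the underlay routed to the gateway.

        On arrival src is the sender's physical address and dst is the overlay
        address it got from DNS. The gateway rewrites src -> sender's overlay
        address and dst -> receiver's physical address, so each side only ever
        sees its peer through the overlay. A reply travels the same path in the
        other direction and is admitted because the flow is already established.
        """
        src_overlay = self.overlay_of.get(pkt.src)
        dst_physical = self.physical_of.get(pkt.dst)
        if src_overlay is None or dst_physical is None:
            self.audit.append(("drop", "unknown endpoint", pkt))
            return None
        flow = (src_overlay, pkt.dst)
        pair = (self.name_of[src_overlay], self.name_of[pkt.dst])
        if pair in self.policy:
            self.flows.add(flow)                  # new flow permitted by policy
        elif flow[::-1] not in self.flows:
            self.audit.append(("drop", "policy", pkt))
            return None                           # neither allowed nor a reply
        out = Packet(src_overlay, dst_physical, pkt.payload)
        self.audit.append(("forward", pair, out))
        return out


class LockedDownUnderlay:
    """The physical network after Step 4. 'ingress' is the switch port class a
    frame arrived on: the gateway's port is the only unprotected one, every
    device port is isolated and can reach nothing but the gateway."""

    def __init__(self, gateway):
        self.gateway = gateway

    def send(self, pkt, ingress="device"):
        if ingress == "gateway":
            return pkt                            # gateway -> device, permitted
        if ipaddress.ip_address(pkt.dst) in self.gateway.overlay:
            return self.gateway.forward(pkt)      # routed to the gateway's port
        return None                               # device -> device, port isolation


def demo():
    gw = OverlayGateway()
    net = LockedDownUnderlay(gw)
    gw.enroll("plc1", "192.168.10.20")            # constructed: -> 100.64.0.2
    gw.enroll("hmi1", "192.168.10.30")            # constructed: -> 100.64.0.3
    gw.enroll("eng1", "192.168.10.40")            # constructed: -> 100.64.0.4
    gw.allow("hmi1", "plc1")                      # only the HMI may talk to the PLC
    plc = gw.resolve("plc1")
    return {
        "request": net.send(Packet("192.168.10.30", plc, "read holding regs")),
        "reply": net.send(Packet("192.168.10.20", gw.resolve("hmi1"), "values")),
        "rogue": net.send(Packet("192.168.10.40", plc, "write coil")),
        "direct": net.send(Packet("192.168.10.40", "192.168.10.20", "write coil")),
        "audit": gw.audit,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The request from the HMI leaves the gateway with its source rewritten to 100.64.0.3 and its destination to the PLC's physical address; the PLC's reply is translated symmetrically and passes only because the reverse flow exists. The engineering station's attempt is dropped at the gateway by policy, and its attempt to bypass the overlay by addressing the PLC's physical address never leaves the isolated port. The two dropped cases are exactly the paths that Steps 3 and 4 together are meant to close.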