About Access Gateway support VPN

The Support VPN:

  • Is a mechanism used by Okta to access a client Access Gateway appliance.
  • Can only be used by select members of Okta support, professional services, and Access Gateway engineering teams.
  • Requires an Okta access API token during configuration.
  • Requires that client firewalls allow outgoing TCP traffic on port 443.
    See Prerequisites for deploying Access Gateway for a complete list of all ports and protocols used by Access Gateway.
  • Is enabled by default.

The Support VPN is used to access client appliance instances over a support-only VPN secured with public key/private key encryption.

Access Gateway Support VPN Architecture

What can be done using the Support VPN

When connected to a client Access Gateway appliance, Okta has three forms of access:

  • Administer - Okta support staff can sign in and execute operations using the Access Gateway Admin UI console to perform normal administration activities.
  • Command line - Okta support staff can use the Access Gateway Management console tool to connect to the instance and execute commands to enhance, diagnose, or correct instance issues.
  • File transfer - Okta support staff can copy files to and from the Access Gateway appliance to upload and capture configuration, logs, and similar information.

Manage the Support VPN

The support VPN can be managed:

Tunnel IP address

When Access Gateway connects to the support VPN, a specific IP address is assigned.

The Support VPN tunnel IP address is displayed on the Support page in the Tunnel IP field.

To determine the currently assigned Tunnel IP address:

  1. Sign in to the Access Gateway Admin UI console.
  2. Select the Support tab.
  3. Examine the page to determine the assigned Tunnel IP address.

Drawbacks of disabling the Support VPN

Although the support VPN is enabled by default, customers can disable it.
Take care when disabling the support VPN. When it is disabled, Okta cannot:

  • Provide enhanced support or other professional services.
  • Troubleshoot, repair, or examine a client appliance.
  • Download logs or configuration files.

Related topics

Support Connection in Command Line Management Console reference.

Administer the Access Gateway support VPN