Private Company Gateway Admin Overview

The Private Company Gateway (PCG) ensures that web traffic from applications and websites open in Blue Border is encrypted and secure when being routed to and from external networks such as the public internet or the company’s corporate network. Learn more about Venn's data flow.

Each company's Private Company Gateway uses a set of fixed public IP addresses for all network traffic within Blue Border. As a Company Manager, you can view and manage your PCG IP addresses and provision new IP addresses on the Private Company Gateway page in Company Admin.

How PCG IP Addresses Work

Your PCG uses a set of fixed public IP addresses for all network traffic within Blue Border. These IP addresses are exclusive to your company. 

You can provision dedicated IP addresses for the All Users group, which will apply to all Venn users by default. If needed, you can also provision dedicated IP addresses for specific user groups in Venn, which will supersede the All Users configurations for users in the applicable group. Within each group, you can determine which region(s) to provision IP addresses for. Users will be routed to the closest regional POP based on their location when they are accessing Venn.

Once you have provisioned PCG IP addresses, you can use them to enforce Web (DNS) Filtering by IP address and you can configure your business applications so that they can only be accessed from your PCG IP addresses.

If a website or other network resource does not load for some or all of your users inside Venn, first confirm the following:

  • the user(s) have a strong internet connection
  • the resource it is not being blocked by your Web Policies
  • you have not configured the software in such a way that access is blocked or restricted

Website loading issues in Blue Border are typically caused by the factors above. It is extremely rare for the number of IP addresses you have provisioned or the regions where you have them provisioned to cause website loading issues. Reach out to support before provisioning new IP addresses to try to solve website loading issues.

PCG IP Address Best Practices

We recommend that companies use the All Users group to create a baseline PCG configuration with two IP addresses in any region where you have a hub of employees. This setup will provide the best coverage and failover options. In many cases, that configuration will be sufficient.

You may want to provision separate IP addresses for a specific group of users for the following reasons:

  • If you or a client have strict network segmentation requirements, you may want to control which users can access sensitive resources by assigning them specific PCG IP addresses.
  • Venn allows you to set a Web (DNS) Filtering Policy that is applied by PCG IP address. Any group that has PCG IP addresses provisioned will have unique domain and content restrictions.
    • If you need to restrict access to specific URLs or IP addresses for a group, you may want to leverage the Web Proxy Policy instead, which relies on the local web proxy included in Blue Border rather than IP addresses. Learn more about Web Policies.

Typically, the default of two IP addresses per region with a hub of employees per group is sufficient. However, you may want to add more than two IP addresses if you have a very large number of users (thousands) who will be regularly connecting to external networks within a group/region combination.

Follow the steps below to adjust your company's PCG configurations and be sure to follow the guidance below any time you provision new IP addresses.

We recommend that you proceed with caution if you would like to assign new PCG IP addresses for active Venn users. Venn updates GeoIP databases with all PCG IP addresses registered to the customer’s headquarters (US address) once provisioned, but it can take several weeks for this information to replicate to all GeoIP vendors. Until that happens, your users may experience incorrect location-based services, access restrictions, fraud detection issues, or performance problems.

View Your Company's PCG IP Addresses

  1. Navigate to login.venn.com or login.venn.com and Sign In with valid credentials.
    You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
  2. Click Company admin or Manage > Company admin.

    Updated_CM.png

  3. Click Private company gateway in the sidebar at left.

    Company Admin_PCG.png

On the Private Company Gateway page, you will see the public IP addresses assigned by group and region for your Private Company Gateway. 

PCG_IP Addresses_All Users.png

Adjust Your Company's Public IP Address Assignments

As a Company Manager, you can do the following on the Private Company Gateway Admin page:

A Venn subscription includes eight IP addresses per company by default, but you can provision more addresses as needed. Reach out to your Customer Success Manager for more information about billable IP addresses.

Follow the guidance below any time you provision new IP addresses.

Provision PCG IP Addresses for a New User Group

IP addresses can be provisioned for any existing user group in Venn. If you would like to create a new user group to assign IP addresses to, you can create a new user group if needed and manage which users are in each group.

To provision IP addresses for for a new user group:

  1. Follow the steps above to navigate to the Private Company Gateway Admin page.
  2. Click + Add group at the top of the page.

    PCG_IP Addresses_Add Group.png

  3. Choose the group, select which region(s) you would like to provision IP addresses for, and click Save.

    PCG_IP Addresses_Add Network Resources.png

IP addresses will be provisioned for each of the selected regions within the group. Provisioning may take several minutes to complete. By default, two IP addresses will be added for each group/region combination. Once provisioning is complete, you can add another IP address to any of the regions if desired.

Follow the guidance below any time you provision new IP addresses.

Provision IP Addresses for a New Region within a User Group

IP addresses can be provisioned for any of the regions available on the PCG Admin page.

If your company has a large hub of users accessing Venn who are located outside of one of the regions available on the PCG Admin page, please reach out to support.

To IP addresses for a new region within a user group:

  1. Follow the steps above to navigate to the Private Company Gateway Admin page.
  2. Click the arrow to the right of the group name to expand the group.

    PCG_IP Addresses_Click to Expand.png

  3. Click + Add regions within the group section.

    PCG_IP Addresses_Service group_Add Region.png

  4. Select which region(s) you would like to provision IP addresses for and click Save.

    PCG_IP Addresses_Add Region.png

IP addresses will be provisioned for each of the selected regions within the group. Provisioning may take several minutes to complete. By default, two IP addresses will be added for each group/region combination. Once provisioning is complete, you can add another IP address to any of the regions if desired.

Follow the guidance below any time you provision new IP addresses.

Add Additional IP Addresses for a Region within a User Group

By default, two IP addresses will be added for each group/region combination, but you can add additional IP addresses for a region within a user group as needed.

To add additional IP addresses for a region within a user group:

  1. Follow the steps above to navigate to the Private Company Gateway Admin page.
  2. Click the arrow to the right of the group name to expand the group.

    PCG_IP Addresses_Click to Expand.png

  3. Click the plus icon in the region you would like to assign an additional IP address to.

    PCG_IP Addresses_Service group_Add IP Address.png

  4. Click Add IP in the popup that appears.

An additional IP address will be provisioned for the region. Provisioning may take several minutes to complete. Only one IP address can be added at a time, so you must wait until provisioning is complete to add another IP address if desired.

Follow the guidance below any time you provision new IP addresses.

Remove an IP Address for a Region within a User Group

Once IP addresses have been removed, they cannot be recovered. 

To remove an IP address for a region within a user group:

  1. Follow the steps above to navigate to the Private Company Gateway Admin page.
  2. Click the arrow to the right of the group name to expand the group.

    PCG_IP Addresses_Click to Expand.png

  3. Click the trash can icon next to the IP address you would like to delete.

    PCG_IP Addresses_Service group_Delete IP Address.png

  4. Type REMOVE in the field provided and click Confirm in the popup that appears. 

Remove All IP Addresses from a Region

Once IP addresses have been removed, they cannot be recovered. 

To remove all IP addresses from a region:

  1. Follow the steps above to navigate to the Private Company Gateway Admin page.
  2. Click the arrow to the right of the group name to expand the group.

    PCG_IP Addresses_Click to Expand.png

  3. Click the delete icon at the bottom right of the region you would like to remove IP addresses from.

    PCG_IP Addresses_Service group_Remove Network Resources.png

  4. Type REMOVE in the field provided and click Confirm in the popup that appears. 

If you need to re-establish IP addresses for a region, follow the steps to provision IP addresses for a region above.

Transfer a Region's IP Addresses from One Group to Another

To transfer a region's IP addresses from one group to another:

  1. Follow the steps above to navigate to the Private Company Gateway Admin page.
  2. Click the arrow to the right of the group name you'd like to transfer resources from to expand the group.

    PCG_IP Addresses_Click to Expand.png

  3. Click the transfer icon in the region you would like to transfer IP addresses from.

    PCG_IP Addresses_Service group_Transfer Network Resources.png

  4. Select which group you would like to assign the IP addresses to and click Transfer IPs.

    PCG_IP Addresses_Transfer Network Resources.png

IP addresses for the region will be transferred to the new group.

PCG_IP Addresses_Service group_Transfer Network Resources Complete.png

Steps to Take After You Have Provisioned New IP Addresses

When you provision new IP addresses, you must maintain any configurations or policies that rely on your PCG IP addresses.

Restrict Application Access by IP Address

If any of your company's applications support restricting access by IP address, we recommend that you restrict access to only the PCG public IP addresses from which those applications should be accessed. This adds an additional security layer that helps you ensure that company resources can only be accessed securely by appropriate users who are logged into Venn.

Any time that you add new IP addresses, be sure to add the new addresses to your software access restrictions as appropriate.

Configure Web (DNS) Filtering Policy

If you provision IP addresses for a new user group (that did not previously have IP addresses assigned), a unique Web (DNS) Filtering Policy will be automatically created for the group.

We recommended that you copy the policies from the All Users group (varying the settings only as needed) and maintain the group's policy alongside the All User group's policy as you make adjustments.

Was this article helpful?