Direct Tunnel Access

Direct Tunnelling Redefined

Bring identity-based network access to critical, offline, air-gapped, standalone and legacy equipment in minutes, without exposing any endpoints to the Internet.

Remote Access as it should be

Direct IP Tunnels - without exposing your assets

IT and OT devices often require direct IP communication for configuration, diagnostics, or integration with native tools.

But how do you enable that when the device sits on an isolated, segmented, or offline network?

With Bifrost Direct Tunnel Access, you can extend a secure, out-of-band IP tunnel to any endpoint – just like running an infinitely long cable – without exposing the device to the internet.

Works with your favorite platforms

Simply install the client and log in to access your authorized connections

Legacy VPN vs Direct IP Tunnel

Legacy VPN

Granular Access in a box

Parallel Access

Legacy VPN

Once upon a time...

Configuring and maintaining VPNs was a hassle, leading to high upkeep,
human errors, and security risks.

Configuring and maintaining VPNs was a hassle, leading to
high upkeep, human errors, and security risks.

Direct IP Tunnel

Granular access in a box

Configure secure remote access based on your groups’ granular access policies.
Firewall complexity eliminated.

Direct IP Tunnel

Reach all your assets in parallel

Establish IPv4 connectivity across multiple endpoints and networks – simultaneously.

Why Direct IP Tunnels?

Fusing ZTNA, WireGuard®, and Bifrost hardware,
our Direct IP Tunnel brings plug-and-play peer-to-peer connectivity
to your critical infrastructure.

Hasslefree deployment

Bifrost Direct IP Tunnel automatically handles peers, DNS, routes, and firewall rules, allowing pre-configured subnet access by simply plugging in a Bifrost.

Local Control

Bifrost Direct IP Tunnels’ centralized manager gives local asset owners swift control over trusted third-party access, all managed by global access policies.

Identity-based

Bifrost Direct IP Tunnel uses identity-based access control instead of traditional IP addresses, streamlining multi-peer access for users.

Granular access control

Bifrost Direct IP Tunnel implements granular subnet mappings, allowing multiple users or teams to access different endpoints and applications on the same network.

Out-of-band Connectivity

Bifrost Direct IP Tunnel decentralizes network traffic by establishing out-of-band network connectivity without exposing the endpoint to the internet.

Peer-to-Bifrost-to-Peer

Bifrost Direct IP Tunnel merges WireGuard® Overlay Network with network-agnostic Bifrost Units, enabling simultaneous IPv4 connectivity across multiple isolated networks and endpoints.

Multi-factor authentication

Bifrost Direct IP Tunnel is MFA-protected, adding multi-factor authentication to any infrastructure or legacy system through a Bifrost Unit.

Activity logging

Bifrost Direct IP Tunnel configuration, subnet mapping, and initiation are tracked in the activity log, ensuring a reliable audit trail without logging private session data.

End-to-End encryption

Bifrost Direct IP Tunnel uses end-to-end WireGuard® encryption with locally stored private keys, ensuring only you can decrypt transitory data.

Direct Tunnel Access (with client)

Description: Establish a secure tunnel between a computer and one or more Bifrost Units, relaying access to your target endpoint(s).

Methodology: Remote operators install a lightweight client on their computer or mobile device, which manages access and enforces permissions configured by the administrator in the BifrostConnect Manager. Target endpoints are connected to a Bifrost Unit, eliminating the need for a client on the endpoint.

Purpose: This setup allows remote operators to use applications on their own devices to communicate with and control the target endpoint(s) efficiently and securely.

Direct IP Tunnel: Identity-based IPv4 connectivity to endpoints linked to Bifrost Unit(s). Access is managed through Subnet Mappings, which associate users with specific endpoint IPs or subnets.

Learn more about our security documentation on this page:

BifrostConnect Security Documentation

Want to learn more about Direct IP Tunnels?

Get in touch with one of our experts today.

Explore related resources

Quick Guide

Onsite Connection Guide

March 12, 2024

Setting up the Bifrost unit is a straightforward process. Download the onsite connection guide here and learn more.

Specifications

BifrostConnect Technical Specifications

January 12, 2024

Download the technical specifications for the BifrostConnect unit.

Brochure

Discover BifrostConnect

May 1, 2023

Zero Trust Access boosts remote work, expands market reach, saves resources, and prolongs technology lifespan.

A Unified Remote Access Platform

Together as a suite, the BifrostConnect Solution gives you unmatched flexibility in tailoring your Zero Trust Access and scaling up your existing setup.

Secure

Air-gapped remote access
Out-of-band LTE connectivity
End-to-end encryption
Transitory session data
Multi-factor authentication
SAML integration
Access management
Audit logging

Versatile

Direct IP Tunnel
IP Tunnel sessions
KVM sessions
Terminal/Serial sessions
SSH sessions
File transfers
BOOT/BIOS access
Portable/On-demand

Plug and Play

Support all platforms
Offline Remote access
Hassle-free implementation
No network configuration
Out-of-the-box commissioning
No on-site configuration
Easy to use
Hosted Private Infrastructure