Dedicated internet gateway: Safely and securely route network traffic

Security and IT teams want to make it easy for users to access company resources. At the same time, they must make sure that all company traffic is secure. Using dedicated gateways to route traffic builds upon existing zero-trust models, providing extra security at the network layer.

Introducing dedicated internet gateway

A dedicated internet gateway allows organizations using Jamf’s Zero-Trust Network Access (ZTNA) to route traffic using two IP addresses specific to their environment. This means that only traffic from that specific IP address can access company applications and resources. It’s an important layer to access policies.

Dedicated internet gateways do not exist in isolation. They're one piece of a broader ZTNA architecture that continuously verifies both user identity and device health before granting access to any resource.

Jamf’s ZTNA already ensures that:

• Devices access resources only after successful user authentication and verification that the device is free from threats.
• Each app, service and data request requires verification before access is granted.
• Data is secured independently of the device or authentication credentials alone.

Whereas Zero-Trust Network Access verifies which user and what device is attempting to access resources, a dedicated internet gateway controls how that access happens. With a unique egress route to match access policies, a dedicated internet gateway allows you to allowlist traffic targeting organizational resources, ensuring that access requests are recognized as trusted traffic.

By routing traffic through a fixed pair of IP addresses tied exclusively to your environment, you can:

• Restrict access to high-value resources to only trusted, policy-compliant devices.
• Maintain IP-based allowlisting without sacrificing the flexibility of a distributed workforce.
• Reduce the risk of unauthorized access within the zero-trust architecture.
• Simplify firewall and access policy management: add two IPs to your organization’s allowlist and you're done.

If you're in a regulated industry, managing access to sensitive financial or healthcare data, or want to simplify how you manage IP allowlists across a distributed workforce, dedicated internet gateways are here to help.

Creating your own dedicated internet gateway is currently available to customers as an add-on in Jamf for Mac and Jamf for Mobile. You can learn how by visiting our technical documentation here.