Access a Remote Host


In this guide, we'll use Firezone to secure access to a host based on the host's private IP address.

This is useful when you have a host that may be behind a firewall that you want to keep secure, but still need to access it from external networks like the internet.

After completing this guide, you'll be able to access the host using its private IP address and any services running on it, like SSH or RDP.


  • A Site that will contain the host you want to secure access to. Create a Site if you haven't already.
  • One or more Gateways deployed within the Site. Deploy a Gateway if you don't have any in the Site where this host is located.

Opening ports on your network firewall is not necessary or recommended. Firezone Gateways perform secure NAT traversal for you.

Step 1: Create a Resource

  1. In your admin portal, go to Sites -> <site> and click the Add Resource button.
  2. Select IP as the Resource type.
  3. Enter the private IP address of the host you want to secure access to. This should be an IP that's directly reachable from the Gateway(s) in your Site.
  4. Name the Resource something descriptive, like SJC File Server. You'll refer to this name when creating a Policy in the next step.
  5. Click Save.
Create a Resource

Step 2: Create a Policy

  1. In the Policies tab, click the Add Policy button.
  2. Select an appropriate Group and the the Resource you created in Step (1).
  3. Click Save.

Step 3: Done!

You should now be able to access the host using the private IP address you specified in Step (1).

Need additional help?

Try asking on one of our community-powered support channels:

Or try searching the docs:
Last updated: April 19, 2024