Gateway Topology
Design your gateway architecture to match your team size, geographic distribution, and resilience requirements.
Single Gateway (Small Teams)
Suitable for teams up to ~50 users or a single office location. One gateway handles all VPN connections and is managed from the same server.
[Remote users] ──► [Gateway + Admin] ──► [Internal Network]
↑
(1 server, 2–4 cores)Multi-Gateway (Multi-Office)
Deploy additional gateway nodes for branch offices or geographic regions. All nodes are managed from a central admin console.
┌─── Gateway Node (Beijing) ───► Office LAN A
[Admin Console] ─┤
└─── Gateway Node (Shanghai) ──► Office LAN B
└─── Gateway Node (AWS) ─────► Cloud VPC- Clients automatically connect to the nearest gateway based on latency
- Policies defined centrally apply to all nodes
- Adding a new node does not require redeploying the admin console
High Availability
For production environments requiring zero-downtime VPN access:
- Deploy two or more gateway nodes behind a load balancer
- Clients reconnect automatically if the primary node fails
- Use a shared external database for session persistence (Enterprise edition)
💡 Start with a single gateway and add nodes as your organization grows. Migration is non-disruptive.
Capacity Planning
| Concurrent Users | Gateway Spec | Bandwidth |
|---|---|---|
| Up to 50 | 2 cores / 4 GB | 100 Mbps |
| 50 – 200 | 4 cores / 8 GB | 500 Mbps |
| 200 – 500 | 8 cores / 16 GB | 1 Gbps |