This guide outlines the steps required to set up an Appian Cloud site to receive inbound HTTPS traffic only over an IPSec VPN tunnel. With this configuration, the site will not be accessible over the Internet and all users must first be on their corporate network before navigating to their Appian Cloud sites. This configuration is intended for customers who require that only users and systems within their network can access the Appian Cloud site.
To allow inbound traffic to the Appian Cloud site over the VPN tunnel and over the Internet see KB-1537: Support for dual inbound HTTPS access (VPN and Internet).
The following are required for this configuration to be enabled on the Appian Cloud site(s):
Once all prerequisites are met, schedule a maintenance window with Appian Support to enable site(s) to receive inbound HTTPS traffic over the VPN. Once the maintenance window is completed, site(s) will be accessible only through the VPN.
Note: Sites running on a high availability configuration will require additional configurations. In this scenario, Appian provides three private IP addresses and network configuration is performed by the customer to forward web requests to a healthy web server.
The following diagram illustrates a sample traffic flow when end users and systems access an Appian Cloud site over the VPN tunnel. This diagram assumes a DNS server contains a host record pointing to the private IP address assigned to the site during the VPN tunnel configuration. End users will access the site using its FQDN.
Please refer to the diagram above when following the flow description in this table.
This article applies to all versions of Appian Cloud.
Last Reviewed: September 2019
© 2020 Appian. All rights reserved.