Blocking and Allowing Traffic

By default ACSC will block inbound traffic — but an Administrator can easily set up exceptions.

The Details

  1. By default ACSC will block, via routing rules, all traffic that is not sent through the ACSC network (except for multicast traffic – the 224.0.0.0/24 network block).

  2. However, ACSC will allow all traffic that is sent through the ACSC network.

  3. If an Administrator wants to allow other traffic through the host’s LAN interface, they can use the ACSC management UI to change the AllowedIPs / DisallowedIPs settings.

  4. If an Administrator wants to block inbound traffic to ACSC, they can use the host’s native firewall to block that traffic.

  5. If an Administrator wants to block inbound traffic that they’ve allowed in the host’s LAN interface (i.e. network ranges they’ve added to the host’s DisallowedIPs list), they have to use the host’s native firewall.

Examples of how ACSC works

  • For RDP access to a host running ACSC, if you use the default settings for ACSC, you will not be able to RDP to the host except from another host on the ACSC network — and only if the Administrator has configured the host’s firewall to allow inbound RDP access.

  • For WebRTC access to a WebRTC server running ACSC (for example, if you put ACSC on a self-hosted videoconferencing server), if you use the default settings for ACSC, you will not be able to set up a videoconference through the server except with another host on the ACSC network.

  • For WebRTC access to a WebRTC server on the Internet (for example Google Meet or Microsoft Teams), if you use the default settings for ACSC, you will be able to set up a videoconference through it — since ACSC allows outbound access to the Internet (through the Anti-Cloud hub in our Data Center, not through the host’s LAN interface).

  • If an Administrator has set up a different VPN on a host, in addition to ACSC, we can’t say for sure what will happen. When using multiple VPNs, you pretty much never want the situation you may have on your own laptop, where multiple VPNs compete for the default route. If you need multiple VPNs on the same host, you usually want to set them up in what is often called a “split tunnel” configuration, where you route just a few network ranges through one VPN (say, just 10.101.0.0/16 and 10.1.0.0/24 through an existing VPN) and a few network ranges through the other (say, just 10.126.91.0/24 through ACSC).
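
The split-tunnel check described above, as an added example (not ACSC code and not a model of how ACSC itself routes): it flags VPNs that compete for the default route or claim overlapping ranges, and resolves which VPN carries a destination by longest-prefix match. The VPN names, the `host-default` fallback label and the sample route sets are assumptions constructed from the ranges mentioned above.

```python
import ipaddress

# Constructed sample route sets; VPN names are hypothetical labels.
SPLIT = {"existing-vpn": ["10.101.0.0/16", "10.1.0.0/24"],
         "acsc": ["10.126.91.0/24"]}
COMPETING = {"existing-vpn": ["0.0.0.0/0"],
             "acsc": ["0.0.0.0/0", "10.126.91.0/24"]}


def audit_vpn_routes(vpn_routes):
    """Return findings for routes that conflict between VPNs on one host."""
    parsed = {name: [ipaddress.ip_network(c) for c in cidrs]
              for name, cidrs in vpn_routes.items()}
    findings = []
    # Two or more VPNs claiming 0.0.0.0/0 compete for the default route.
    defaults = sorted(n for n, nets in parsed.items()
                      if any(net.prefixlen == 0 for net in nets))
    if len(defaults) > 1:
        findings.append(("competing-default-route", tuple(defaults)))
    # Specific ranges claimed by two VPNs are ambiguous as well.
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for na in parsed[a]:
                for nb in parsed[b]:
                    if na.prefixlen and nb.prefixlen and na.overlaps(nb):
                        findings.append(("overlap", (a, str(na), b, str(nb))))
    return findings


def egress_for(dest, vpn_routes, fallback="host-default"):
    """Longest-prefix match: the VPN that carries dest, else the fallback."""
    addr = ipaddress.ip_address(dest)
    best_len, best_name = -1, fallback
    for name, cidrs in vpn_routes.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen > best_len:
                best_len, best_name = net.prefixlen, name
    return best_name


if __name__ == "__main__":
    for label, routes in (("split", SPLIT), ("competing", COMPETING)):
        print(label, audit_vpn_routes(routes))
    print(egress_for("10.126.91.7", SPLIT))
```

An empty findings list means each range has exactly one owner; any finding is worth resolving before both VPNs are brought up on the same host.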