Client Networking

When users are attempting to connect to a resource through StrongDM, they are not entering the address and credentials for the resource, but rather an address that maps to the resource in StrongDM. During the request, if they are authorized to connect to the resource, StrongDM routes their traffic on and injects the correct credentials.

There are two available options for the routing of traffic locally on client machines. StrongDM, by default, uses a loopback interface, which uses a single local IP with different ports for various resources (and can be expanded to a local IP block). This means that when a user opens their client and connects to a resource, that connection is being routed through a local IP address and a preconfigured port that the StrongDM listener is listening for connections on. The other option is Virtual Networking Mode, which uses DNS names to route traffic locally on the client machine rather than specific IPs.

You can also override the ports that clients access resources through, on their local machine, just as you can alter local IPs or DNS names.