How to set up an Ewon router behind Zero Trust

Ewon makes industrial-grade routers with built-in VPN functionality that let third parties (for example an equipment vendor) remotely support internal infrastructure.

For adam:ONE® Zero Trust connectivity users, these VPN connections fail by default for one or more of the following reasons:

  • The default policy is usually a Holding Tank Quarantine
  • A deny-all policy does not include the domain the Ewon device contacts (with its subdomains) as an allowed domain
  • DTTS® (Don’t Talk To Strangers) prevents the Ewon device from making a UDP port 1194 (OpenVPN) connection directly to an IP address that it did not first obtain through a DNS lookup

Steps to resolve

  1. If one doesn’t exist already, build an IoT Allowlist (Whitelist) rule that includes the domain the Ewon device contacts and allows its subdomains

  2. If one doesn’t exist already, build an Allowlist Policy (with the IoT rule enabled)

  3. Locate the Ewon device under Dashboard → Devices and edit it to use the IoT policy

  4. Use the Traffic Log (top-left drop-down) to observe the Ewon device attempting to make UDP port 1194 connections, and note the destination IP address of the failing attempts

  5. Create an Enabler under Dashboard → My Rules → Enablers (tab) that allows this traffic (the Ewon device to the noted destination IP address, UDP port 1194) through

  6. Turn the Enabler ON in the IoT policy