Connect to internal Thales RIE Service from a Protect Landing Zone

Introduction

The Protect Landing Zone is not exposed to the Internet. It is accessible to users who have a Thales-managed workstation (Thales WIN 10 or TNAP workstation) connected to a Thales RIE network.

An Express Route connects the Trustnest Network with the Thales Internal Network (RIE). However, by default, everything is blocked between Thales Internal services and the TDP Network.

NB: Not all Thales networks are accessible from the Protect Landing Zone.

What the Protect Landing Zone offers by default for connecting to a Thales internal service

The Protect Landing Zone offers two things natively:

  • Thales Internal DNS resolution (*.corp.thales): even if you don't have access to the service, you can resolve its name from a Protect Landing Zone using our DNS resolvers (which are configured by default on your Virtual Network).
  • The ability to manage firewall rules (Network Security Group) to control inbound and outbound flows between your Landing Zone private networks (ranges 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12) and Thales RIE.

What is not native, however, is the communication between the Thales Internal Service and the TDP Network: you can open the firewall at the Landing Zone level, but the Thales Internal firewall will still block the traffic.

![](../img/LZ-protect-with-RIE.png)
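Because name resolution works by default while the flow itself stays blocked, a successful lookup says nothing about reachability. The check below is an added example, not part of the original page or of any Thales tooling: it separates the two cases for one TCP destination. The host name `service.corp.thales` is a placeholder and the status labels are this example's own.

```python
import ipaddress
import socket

# Private ranges the page lists for Landing Zone networks.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12")]


def in_private_range(addr: str) -> bool:
    """True if addr falls inside one of the private ranges listed above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


def check_flow(host: str, port: int, timeout: float = 3.0) -> dict:
    """Separate 'the name resolves' from 'the flow is open' for one TCP destination."""
    result = {"host": host, "port": port, "address": None,
              "private": None, "status": None}
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        result["status"] = "dns_failure"  # resolver problem, not a firewall one
        return result
    addr = infos[0][4][0]
    result["address"] = addr
    result["private"] = in_private_range(addr)
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            result["status"] = "reachable"  # TCP handshake completed end to end
    except ConnectionRefusedError:
        # A reset came back: the host was reached with nothing listening,
        # or a device on the path actively rejected the connection.
        result["status"] = "refused"
    except OSError:
        # Timeout or no route: the name resolved but packets were dropped,
        # which is what a flow that is not yet opened looks like.
        result["status"] = "resolved_but_blocked"
    return result


if __name__ == "__main__":
    # Placeholder name, not a real service taken from the page.
    print(check_flow("service.corp.thales", 443))
```

A `resolved_but_blocked` result for a `*.corp.thales` name is the expected state before the flow has been requested and opened on both sides.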

Procedure to request access to a Thales Internal Service

To allow a connection between a Thales Internal Service and your Protect Landing Zone, use the following process:

Not everything is authorized automatically, and a request may require DSI approval. Don't hesitate to describe the business impacts as well.

The SLA for the request (FLORE process) on Thales IT Group ITSM is 10 days if the flow matrix is well formatted and uses authorized protocols. The SLA for the request on the TDP ITSM is 5 days.