Overlay Networking

Dec 20th 2025

Key Concept: Overlay Networking

Overlay networking is a core concept behind how Access Gate delivers security, visibility, and access control without changing your existing network.

This page explains what an overlay network is, why Access Gate uses it, and how it applies in real deployments.

What Is Overlay Networking?

An overlay network is a logical network built on top of an existing physical network (the underlay).

  • The underlay network remains unchanged
  • The overlay network introduces new IPs, routing, and security controls
  • Traffic is redirected to the overlay only when protection is required

With Access Gate, the overlay allows traffic to be intercepted, authenticated, logged, and controlled—without re-IPing assets, modifying VLANs, or inserting devices inline.

Underlay vs Overlay

Underlay Network

  • Your existing LAN, OT network, or plant network
  • Assets keep their original IP addresses
  • No changes to switches, VLANs, or firewall topology

Overlay Network

  • Logical IP space owned and controlled by Access Gate
  • Typically uses the
  • Only used for protected access paths
  • Enforces security through proxying, not direct connectivity

Key concept: Assets stay where they are. Access control happens in the overlay.

Why Access Gate Uses an Overlay

Traditional security approaches rely on inline devices, VLAN segmentation, or flat VPNs. These approaches introduce risk in operational environments.

Overlay networking avoids those pitfalls:

  1. No Inline Risk
    1. Access Gate does not sit in the physical traffic path
    2. No single point of failure
    3. Production traffic continues even if Access Gate is offline
  2. No Network Redesign
    1. No VLAN changes
    2. No IP reassignments
    3. No switch or router reconfiguration beyond routing to Access Gate
  3. Access Control
    1. Clients never connect directly to assets
    2. All protected access flows through the Access Gate proxy
    3. Authentication, authorization, and logging are enforced centrally

This overlay approach is especially interesting when you already have a network in place, with legacy configurations that are difficult to move.

What the Overlay Enables

Overlay networking allows Access Gate to enforce:

  • Identity-based access (who can reach what)
  • Time-bound and task-based permissions
  • Protocol-aware proxying (HTTP, RDP, SSH, SMB, industrial protocols)
  • Full session logging and traceability
  • Rapid isolation or revocation without touching the network

All without changing how your network is physically built.
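The decision flow described above, sketched as an added example; it is not Access Gate's code or configuration format. The class names, the grant structure and all addresses (documentation ranges, constructed for illustration) are assumptions.

```python
"""Toy model of an overlay access decision (illustrative, hypothetical names)."""
from dataclasses import dataclass
from datetime import datetime

# Constructed sample data: overlay (ip, port) -> underlay asset, which keeps
# its original address. Both ranges are documentation prefixes.
OVERLAY_MAP = {
    ("198.51.100.10", 22): ("192.0.2.20", 22, "ssh"),
    ("198.51.100.11", 3389): ("192.0.2.31", 3389, "rdp"),
}

@dataclass(frozen=True)
class Grant:
    user: str             # authenticated identity
    overlay: tuple        # (overlay_ip, port) the user may reach
    not_before: datetime  # start of the permitted window
    not_after: datetime   # end of the permitted window

class OverlayProxy:
    def __init__(self, grants):
        self.grants = list(grants)
        self.audit = []  # every decision is recorded, allow or deny

    def revoke(self, user):
        """Isolate a user by dropping grants; no network change involved."""
        self.grants = [g for g in self.grants if g.user != user]

    def decide(self, user, overlay_ip, port, now):
        """Return the underlay target to proxy to, or None if denied."""
        key = (overlay_ip, port)
        target = OVERLAY_MAP.get(key)
        reason = "no overlay mapping" if target is None else "no matching grant"
        allowed = False
        if target is not None:
            for g in self.grants:
                if g.user == user and g.overlay == key:
                    if g.not_before <= now <= g.not_after:
                        allowed, reason = True, "grant valid"
                        break
                    reason = "outside time window"
        # Denials are logged too, so refused attempts remain traceable.
        self.audit.append((now.isoformat(), user, key, allowed, reason))
        return target if allowed else None
```

A request addressed directly to an underlay IP has no overlay mapping, so this model denies and logs it rather than proxying it.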

Overlay Networking vs VLANs + Firewall

| VLAN Segmentation | Overlay Networking |
|---|---|
| Requires network redesign | Minimal network changes |
| Static trust boundaries | Identity-based policies |
| Hard to audit | Full access logging |
| Risky in OT | Great for OT |

Overlay networking shifts security from network topology to policy and identity.

Key Takeaway

Overlay networking lets you add security, control, and compliance on top of existing IT and OT networks—without disrupting operations.

It is the foundation that allows Access Gate to be:

  • Non-intrusive
  • Agentless
  • Safe for production
  • Aligned with NIS2, CMMC, and Zero Trust principles