# Bridge Mode Admin Guide

Cloudbrink's Bridge Mode enables users to connect more than one endpoint to enterprise private apps as well as SaaS apps through the primary endpoint on which the BrinkAgent is installed. All the other connected endpoints are referred to as secondary endpoints and do not require Brink App to be installed. 

This guide outlines the process for configuring the Cloudbrink Admin Portal and BrinkAgent to effectively leverage Bridge Mode. 

<figure><img src="/files/TxDdL9wlaSVfrpY7gMMI" alt=""><figcaption></figcaption></figure>

\
**Introduction**&#x20;

This document will guide in setting up the Cloudbrink Device Session Profiles, and Policy for end users to be able to configure their devices for Bridge Mode. Bridge mode must be enabled by the Cloudbrink Administrator at each device-user-group level before the users can use the option to connect secondary endpoints.&#x20;

**Prerequisites**&#x20;

A Cloudbrink connector deployed and configured with DHCP or static IP pool.&#x20;

Bridge Mode is only supported on Windows platforms. Primary endpoint must be a Windows 10/11 OS.&#x20;

Secondary endpoints may be any OS (Windows, Linux, Mac).

**Bridge Mode Important Notes**&#x20;

● When the secondary endpoint is connected to the primary endpoint via an L2/L3 switch, certain features such as physical interface flap on secondary endpoint may not detected on the primary endpoint (Brink Agent).&#x20;

● To establish a "bridge" users must carefully choose the physical interface of primary endpoint to which secondary endpoints will be connected.&#x20;

● The WAN Interface (internet providing interface) must not be used for bridge.&#x20;

● After configuring bridge mode on the primary BrinkAgent endpoint, and connecting the secondary endpoint, ensure the secondary endpoint interface is flapped (DOWN/UP) so that secondary endpoint generates DHCP request&#x20;

● It is recommended to setup the "Bridge" on the primary device first, then connect the secondary endpoint to that device.&#x20;

● Certain secondary endpoint operating systems may need to have an MTU manually configured.&#x20;

**Admin Portal High Level Instructions**&#x20;

● Create a device session profile with "Agent Bridge Mode" checked.&#x20;

● Create a device policy with a mapping to the appropriate profile.&#x20;

● Map the device user group policy to the "Device Session Policy"&#x20;

**Admin Portal Detailed Instructions**&#x20;

1\. From the admin portal, navigate to "Configure > System > Device Session Profiles".&#x20;

2\. Click on Device Session Profiles to drop down a list of profiles, and click the blue circle plus icon to create a new one.&#x20;

3\. In the new windows provide a profile name, select the connector that will be used to assign the enterprise private IP to the primary and secondary endpoint, and check the box to enable "AgentBridge Mode"

<figure><img src="/files/k0Ca46Wj4qigpGCfboQG" alt=""><figcaption></figcaption></figure>

Note-1: Bridge-mode can be enabled only when a Connector is selected that will assign the enterprise private-IP to the endpoints.
This restriction will be removed in future software.<br>

4. Still Under "System" expand out "Device Session Policies"&#x20;
5. Click the blue circle plus icon to create a new policy.&#x20;
6. In the new policy window, provide a name for the session policy, and select the profile created in the previous step from the drop down.&#x20;

<figure><img src="/files/l6YLG64vE05PKOZfAB1H" alt=""><figcaption></figcaption></figure>

7. Next, Navigate to > Configure > Device User Groups > Device User Group Policies&#x20;
8. Select the device user group to which the device session policy is to be assigned&#x20;
9. In the assignment window, select the device session policy created in the previous step for "Device Session Policy" field.&#x20;

<figure><img src="/files/3BnXaCVZDANybNmlAyaw" alt=""><figcaption></figcaption></figure>

10. This completes the configuration from the adminstrator side.&#x20;
11. Once bridge mode is enabled for a device user group, users belonging to that security group will see a new option "Bridge" on the Brink App.

### **Bridge Mode - End User Config**

1. When logging into the Brink agent, users should now see a new tab "Bridge" once properly enabled.&#x20;
2. Click on the "Bridge" tab, and users will see all available interfaces on the primary endpoint.

<figure><img src="/files/LAjEWK3rrga8Sd0GwrXL" alt=""><figcaption></figcaption></figure>

\
3\. Check the box(es) to select the interface(es) you want to bridge out to a secondary device(s), and click on the "Bridge" button at the bottom.

<figure><img src="/files/lOEmURIQMn0j0YpYIFTd" alt=""><figcaption></figcaption></figure>

4. Once the interface is successfully added to the "Bridge", connect the secondary endpoint to this interface to start accessing enterprise app from the secondary endpoint.&#x20;

<figure><img src="/files/QD3yPP0HyV66PkelukKw" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudbrink.com/configuration/bridge-mode-admin-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.