Synctus Networking
Synctus appliances ship preconfigured in sets. For example, if you buy three appliances to install one at each of three offices, they will ship together as a set of three already keyed to each other.
Once plugged in and turned on, they automatically contact a rendezvous server maintained by us. This connection is a TCP connection secured with TLS. They use this server to determine each other's public-facing IP addresses.
They then initiate direct UDP connections between themselves, using the rendezvous server to perform UDP hole punching through any NAT devices that may exist between them. If a direct VPN connection already exists (for example, if your offices are already linked by a VPN), then this VPN is used automatically.
Once a UDP connection is verified to be valid in both directions, DTLS security is negotiated. Appliances use SSL certificates to verify each other's identity.
The TCP connection to the rendezvous server is kept alive in order to be able to immediately re-establish direct UDP connections as required.
All data traffic travels on the direct UDP connections between different appliances only. Traffic to the rendezvous server is limited to keepalives and the initiation of the direct UDP connections.
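The hole-punching and two-way verification steps described above can be modelled without a network. This is an added example, not Synctus code: the NAT model (port-restricted filtering), the addresses and ports, the probe order, and the assumption that the rendezvous server learns each public UDP endpoint from a datagram it observes are all illustrative.

```python
# Constructed model, not Synctus code: addresses, ports and NAT behaviour are assumptions.

class Nat:
    """Port-restricted NAT: inbound passes only from endpoints already sent to."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.mappings = {}    # private endpoint -> public port
        self.allowed = set()  # (public port, remote endpoint) opened by outbound traffic

    def outbound(self, src, dst):
        """Translate an outgoing datagram and open the return path for dst only."""
        port = self.mappings.setdefault(src, 40000 + len(self.mappings))
        self.allowed.add((port, dst))
        return (self.public_ip, port)

    def inbound(self, src, dst):
        """True if a datagram from src to our public endpoint dst passes the filter."""
        return (dst[1], src) in self.allowed


def send(nat_src, nat_dst, src_private, dst_public):
    """Carry one datagram through both NATs; True if it reaches the far appliance."""
    src_public = nat_src.outbound(src_private, dst_public)
    return nat_dst.inbound(src_public, dst_public)


def punch():
    nat_a, nat_b = Nat("198.51.100.1"), Nat("203.0.113.1")
    a, b = ("10.0.0.2", 5000), ("192.168.1.2", 5000)
    rendezvous = ("192.0.2.10", 3478)
    # Registration (assumed to be a UDP datagram): the server records the
    # public endpoint it observes for each side and passes it to the other.
    seen_a = nat_a.outbound(a, rendezvous)
    seen_b = nat_b.outbound(b, rendezvous)
    results = [
        send(nat_a, nat_b, a, seen_b),  # dropped: B's NAT has no hole for A yet
        send(nat_b, nat_a, b, seen_a),  # arrives: A's first probe opened A's NAT
        send(nat_a, nat_b, a, seen_b),  # arrives: B's probe opened B's NAT
    ]
    # An unrelated host that learns A's public endpoint is still filtered out.
    stranger_blocked = not nat_a.inbound(("192.0.2.99", 40000), seen_a)
    # Gate for the next step: only start DTLS once both directions have delivered.
    ready_for_dtls = results[1] and results[2]
    return results, stranger_blocked, ready_for_dtls


if __name__ == "__main__":
    print(punch())
```

The first probe is lost by design; it exists to open the sender's own NAT, which is why a path counts as valid only after a datagram has been delivered in each direction.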
