# One Way Network Access

---

## Overview

One-way network access in an air-gapped environment represents a controlled unidirectional communication channel that allows internal systems to initiate connections to external networks while strictly preventing any inbound connections. This approach provides a balance between security isolation and operational efficiency.

If your constraints are closer to **hybrid** deployments—SaaS and self-managed JFrog Platform Deployments where inbound access to on-premises is blocked but **outbound** tunnels are acceptable—the [Hybrid with JFrog Bridge](../multi-site/hybrid-jfrog-bridge/) scenario describes how JFrog Bridge carries federation and related traffic over client-initiated connections.

---

### Architecture

This is a typical Artifactory deployment in a one-way network air-gapped environment. Note that the JFrog Platform on both sides includes JFrog's Security solutions like [JFrog Xray](https://jfrog.com/xray/).

![Air Gap One-way Network](../../../../images/air-gap-one-way-network.png)

### One-Way Connection Scenario

**Controlled Unidirectional Access**

This scenario allows limited, controlled connectivity from the internal environment to external systems, enabling more automated artifact acquisition while maintaining security boundaries.

**Architecture Characteristics**
- Internal Artifactory instance can initiate connections to external systems
- External systems cannot initiate connections to internal environments
- Connections are typically proxied through secure gateways with traffic filtering
- Network traffic is monitored, logged, and subject to security policies

**Operational Models**

**Smart Remote Repositories**
- Internal Artifactory uses remote repositories that proxy external Artifactory instances
- External instances serve as trusted intermediaries for public repositories
- Artifact requests flow through secure, unidirectional connections
- Caching occurs at both external and internal levels for performance optimization

**Pull Replication**
- Internal repositories configured to pull approved artifacts from external instances
- Scheduled replication jobs transfer pre-approved dependencies
- Automated synchronization of whitelisted artifact collections
- Centralized control over which artifacts are made available internally

**Security Benefits**
- Controlled access to external resources with security oversight
- Automated artifact acquisition reduces manual overhead
- Maintains network isolation while enabling necessary connectivity
- Comprehensive logging and monitoring of all external communications

**Operational Advantages**
- Reduced delays in dependency acquisition compared to no-connection scenarios
- Automated processes reduce human error and operational overhead
- Better support for CI/CD automation and developer productivity
- Simplified artifact management and synchronization procedures