Access
Use this section when you’re not sure where something lives, how to reach it, or why it’s not accessible.
Start here
- Identity & server access (New): Microsoft Entra SSO/MFA, directory sync, and server login patterns.
- VPN access (Updated): How collaborators connect to the LEF private network.
- Firewall & public ingress (New): EVEO-managed Fortigate and public HTTP(S) forwarding (incl. public IP block).
At a glance
- Identity/SSO: Microsoft Entra ID (default when supported).
- Private network: core infrastructure runs in the EVEO private cloud and is protected behind SSL‑VPN.
- Public services: some workloads live on public platforms such as Hostinger (websites) and SaaS providers like Google and OpenAI.
- Access model: public traffic is limited to HTTP(S); admin/operator access is generally VPN-only.
Public vs private access
- Public access (no VPN): public websites and EVEO-hosted web apps over HTTP(S) only.
- Private access (VPN/LAN): admin UIs and operator access (SSH/RDP/DB) over the private network.
Traffic flow (high level)
This diagram summarizes public vs private access paths.
Key entry points
- VPN portal (SSL-VPN): https://vpn.lef.digital:10443/ (login page: /remote/login?lang=en)
- EVEO portal: https://nuvemprivada.eveo.com.br/
- Credentials (Vault): https://vault.lef.digital/
- Public ingress (Fortigate + public IP block): see Firewall & public ingress
For internal URLs and inventories:
- Service/admin URLs (DNS, S3, Kanban, Workflow, etc): Services
- Server login targets and service accounts: Servers
- SSH/RDP access patterns: Servers & logins
If you’re starting from a service URL/hostname, use Services and then open the relevant service page. If you’re starting from a server or host entry name, use Servers.
“I can’t reach it” checklist
- Am I on VPN? If not, many hostnames and services won’t resolve or route.
- Is it public or internal? Public sites should work without VPN; internal apps generally won’t.
- Does DNS resolve correctly from inside VPN/LAN? See DNS split horizon.
- Do I have access? See Access control policy.
Known risks / failure modes
- Public traffic is limited to HTTP(S) paths intentionally; don’t expect SSH/DB ports to be reachable from the internet.
- Split-horizon DNS mistakes can make internal users resolve public hostnames to public IPs.
- Provider-managed perimeter changes (Fortigate rules, forwarding) can break reachability; escalate to Infra/EVEO as needed.