---
title: Configuring a private gateway
description: Add a private gateway to an on-premises or non-AWS cloud network to enable secure access to resources within that network.
component: privilege
page_id: privilege:configuration:network-infrastructure/configuring-private-gateways
canonical_url: https://docs.pingidentity.com/privilege/configuration/network-infrastructure/configuring-private-gateways.html
revdate: May 4, 2026
section_ids:
  prerequisites: Prerequisites
  procedure: Procedure
  validation: Validation
---

# Configuring a private gateway

This guide explains how to add a private gateway to an on-premises or non-AWS cloud network. Private gateways act as a secure entry point, allowing PingOne Privilege to manage and audit access to your internal resources.

## Prerequisites

Before you begin, ensure the following inbound ports are open on the host where you will install the gateway: `22`, `443`, `3389`, `8640`, and `8690`.

## Procedure

To add a private gateway:

1. In the PingOne Privilege admin console, go to **Cloud > Gateways**.

2. Click **Add New**, and then click **Add via Docker**.

3. Select **Private Proxy**.

4. Enter a unique **Cluster ID** to identify this gateway group, and provide the **Host IP** of the server where the gateway will be installed.

5. Click **Get Docker Command** and copy the generated command.

6. On your designated host within your on-premises network, run the Docker command you just copied.

The gateway will start and automatically register with the PingOne Privilege controller.

|   |                                                                                                                                                                                                            |
| - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The PingOne Privilege controller does not have automatic visibility into on-premises network topology. After deploying the gateway, you must manually configure which resources are accessible through it. |

## Validation

After adding the gateway, go to the **Cloud > Gateways** page in the admin console. Your new private gateway should be listed with a "Verified" status.