The bastion host is the computer/virtual-machine in a network that accepts administration traffic from the internet. It is the gateway through the firewall, hence the castle architecture analogy.