Comparison of Network Connection Methods

There are two ways for traffic from remote users to reach private destinations:

Both can be configured and used for a single resource, for supported scenarios. For more information about traffic handling in this situation, see Manage Network Connections.

Resource Connectors (Deployed in Connector Groups)

Characteristics of resource connectors:

  • Send traffic to private resources only.
  • Support only Zero Trust Access connections (client-based and browser-based).
  • Supported environments: AWS and VMware.
  • Require only outbound connections from your network.
  • Can connect user traffic to resources in data centers that have overlapping IP address ranges (when a single IP address can be in multiple locations), if the resource is defined and accessed using an FQDN.
  • If an application is hosted from multiple locations, resource connectors automatically send traffic to the application location nearest to the end-user's location, for an optimal user experience.
  • Easily scalable by deploying more connectors in a group.
  • Additional network routing configuration is not required. Existing routing is normally sufficient.
  • Expose only specified private resources, not your entire network, to Secure Access.
  • Connectors proxy traffic, so Secure Access is segmented from your network.
  • Self-maintaining lifecycle; software upgrades are managed for you by Secure Access
    (Except platform operating system upgrades currently.)
  • For more information, see Manage Resource Connectors and Resource Connector Groups and subtopics.

Network Tunnels (Deployed in Network Tunnel Groups)

Characteristics of network tunnel groups:

  • Can route internet-bound traffic as well as traffic to private resources.
  • Support VPN, branch-to-branch, and Zero trust network access (client-based and browser-based) connections.
  • Require networking devices on your network that can initiate IPSec tunnels. See Device Compatibility and Network Tunnels.
  • Network routing configuration is required.
  • Extend your network to the Secure Access cloud.
  • Many supported virtual and hardware platforms, simplifying connections to your existing environment.
    You may be able to use existing infrastructure, without deploying additional devices.
  • For more information, see Manage Network Tunnel Groups and subtopics.

Manage Network Connections > Comparison of Network Connection Methods > Manage Network Tunnel Groups