Traffic Steering for Zero Trust Access Client-Based Connections

Traffic steering entries on the End User Connectivity > Zero Trust page apply only to client-based zero-trust access connections to internal destinations that are configured as private resources.

When you configure a Private Resource, Secure Access automatically adds an entry for each configured resource address for client-based zero-trust access to the Traffic Steering page, in order to direct end-user traffic to the resource.

You can view traffic steering rules, but in most cases you should not edit rules on this page. See Best Practices, below.


Important note about editing traffic steering entries

If you edit entries that were automatically added to this page when you configured a Private Resource, the traffic steering rules for the resource are NOT updated when you make future edits to the Private Resource configuration page.

Best Practices

  • You should not add destinations directly to the zero-trust traffic steering page. Instead, add a Private Resource. See Add a Private Resource.

  • You should not edit entries on the zero-trust traffic steering page, except for the following purpose:

    Edit entries on the zero trust traffic steering page if you have configured the access address for a Private Resource as a wildcard FQDN of the format * and you want to exclude specified subdomains from client-based zero-trust access.

    For instructions, see Using Wildcards to Configure Traffic Steering for Private Destinations.

  • The number of destinations on the traffic steering page is limited. See Limitations and Range Limits.

Add DNS Servers< Traffic Steering for Client-Based Connections > Using Wildcards to Configure Traffic Steering for Private Destinations