Secure Access Help Center

Traffic Steering for Zero Trust Access Client-Based Connections

Traffic steering entries on the End User Connectivity > Zero Trust page apply only to client-based zero-trust access connections to internal destinations that are configured as private resources.

When you configure a Private Resource, Secure Access automatically adds an entry for each configured resource address for client-based zero-trust access to the Traffic Steering page, in order to direct end-user traffic to the resource.

You can view traffic steering rules, but in most cases you should not edit rules on this page. See Best Practices, below.

🚧

Important note about editing traffic steering entries

If you edit entries that were automatically added to this page when you configured a Private Resource, the traffic steering rules for the resource are NOT updated when you make future edits to the Private Resource configuration page.

Best Practices

  • You should not add destinations directly to the zero-trust traffic steering page. Instead, add a Private Resource. See Add a Private Resource.

  • You should not edit entries on the zero-trust traffic steering page, except for the following purpose:

    Edit entries on the zero trust traffic steering page if you have configured the access address for a Private Resource as a wildcard FQDN of the format *.example.com and you want to exclude specified subdomains from client-based zero-trust access.

    For instructions, see Using Wildcards to Configure Traffic Steering for Private Destinations.

  • The number of destinations on the traffic steering page is limited. See Limitations and Range Limits.

Add DNS Servers< Traffic Steering for Client-Based Connections > Using Wildcards to Configure Traffic Steering for Private Destinations

Updated 3 months ago