Requirements for Zero Trust Access

Resource requirements for client-based zero trust access

A resource that you want users to reach using zero trust access must meet the following requirements:

  • Does not serve client-to-client traffic. Example: Peer-to-peer Voice over IP (VoIP)
  • Does not serve server-to-client traffic. Example: Remote assistance
  • Does not require a unique client IP address. Example: Applications that use the SMBv1 protocol
  • Does not require SRV DNS records. Examples: Active Directory, Kerberos, SCCM
  • Does not perform an ICMP connectivity check before connecting using TCP or UDP
  • Does not have any dependencies that fail any of the above requirements
  • All of the resource's dependencies and any redirects must also be defined as private resources with client-based zero trust access enabled.
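
The last two items mean a resource has to be checked together with everything it depends on or redirects to. The following is an added example, not product code or a Secure Access API: it walks a constructed inventory and lists every violation reachable from a resource. It goes beyond the list by also following dependencies of dependencies, on the assumption that each dependency is itself a resource subject to these requirements; the inventory format, trait names, and check_resource function are hypothetical.

```python
# Added example: inventory format and all names are hypothetical, not a product API.
BLOCKING_TRAITS = {
    "client_to_client": "serves client-to-client traffic",
    "server_to_client": "serves server-to-client traffic",
    "unique_client_ip": "requires a unique client IP address",
    "srv_dns": "requires SRV DNS records",
    "icmp_precheck": "performs an ICMP connectivity check before TCP/UDP",
}

# Constructed sample inventory: name -> traits, dependencies/redirects, and
# whether it is defined as a private resource with client-based ZTA enabled.
INVENTORY = {
    "wiki":      {"traits": [], "deps": ["sso", "wiki-db"], "zta": True},
    "sso":       {"traits": [], "deps": [], "zta": True},
    "wiki-db":   {"traits": [], "deps": [], "zta": False},
    "helpdesk":  {"traits": [], "deps": ["fileshare"], "zta": True},
    "fileshare": {"traits": ["unique_client_ip"], "deps": ["dc01"], "zta": True},
    "dc01":      {"traits": ["srv_dns"], "deps": ["fileshare"], "zta": True},
    "portal":    {"traits": [], "deps": ["cdn-redirect"], "zta": True},
}

def check_resource(name, inventory=INVENTORY):
    """Return a sorted list of findings for `name` and everything it depends on."""
    findings, seen, stack = set(), set(), [(name, name)]
    while stack:
        node, path = stack.pop()
        if node in seen:          # dependency cycles are visited only once
            continue
        seen.add(node)
        entry = inventory.get(node)
        if entry is None:         # dependency or redirect missing from inventory
            findings.add(f"{path}: not defined as a private resource")
            continue
        if not entry["zta"]:
            findings.add(f"{path}: client-based zero trust access not enabled")
        for trait in entry["traits"]:
            findings.add(f"{path}: {BLOCKING_TRAITS[trait]}")
        stack.extend((dep, f"{path} -> {dep}") for dep in entry["deps"])
    return sorted(findings)

if __name__ == "__main__":
    for resource in ("wiki", "helpdesk", "portal"):
        print(resource, check_resource(resource) or "meets the listed requirements")
```

Each finding carries the dependency path that led to it, so the report shows which dependency or redirect has to be fixed before the resource is enabled for client-based access.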

Resource requirements for browser-based zero trust access

  • The certificate on the resource must be signed by a publicly recognized certificate authority (CA).

Network requirements for zero trust access

See the Zero Trust client-based access sections in Network Requirements for Secure Access.

Client requirements for client-based zero trust access

See Requirements for Secure Client with Zero Trust Access.