Using Wildcards to Configure Traffic Steering for Private Destinations

For more granular control over zero trust access to private resources, and to reduce the number of individual private destinations on the Zero Trust Traffic Steering page, consider using wildcards to configure these destinations.

🚧

Important note about editing traffic steering entries

When you configure a Private Resource, Secure Access automatically adds an entry for each configured resource address for client-based zero-trust access to the Traffic Steering page, in order to direct end-user traffic to the resource.

If you edit entries that were automatically added to the Zero Trust Traffic Steering page when you configured a Private Resource, the traffic steering rules for the resource are NOT updated when you make future edits to the Private Resource configuration page.

Prerequisites

• Full Admin user role. For more information, see Manage Accounts.
• Before using this procedure, see important caveats at Traffic Steering for Zero Trust Client-Based Connections.
• The private resource address to edit must be configured as a wildcard FQDN.

Procedure

To exclude traffic from a configured Private Resource address:

1. Navigate to Connect > End User Connectivity.
2. Click the Zero Trust tab.
3. For the resource to modify, click the ellipsis button at the end of the table row and choose Edit.
4. Provide subdomains to exclude from traffic steering for Zero Trust connections.
   For example, if your domain is *.example.com, and you want to exclude traffic to hr.example.com and boo.finance.example.com, enter hr as an exclusion, then click Add and enter boo.finance.
5. Click Save.

Traffic Steering for Client-Based Connections< Using Wildcards to Configure Traffic Steering for Private Destinations > Manage Virtual Private Networks