Using Wildcards to Configure Traffic Steering for Private Destinations

For more granular control over zero trust access to private resources, and to reduce the number of individual private destinations on the Zero Trust Traffic Steering page, consider using wildcards to configure these destinations.


Important note about editing traffic steering entries

When you configure a Private Resource, Secure Access automatically adds an entry for each configured resource address for client-based zero-trust access to the Traffic Steering page, in order to direct end-user traffic to the resource.

If you edit entries that were automatically added to the Zero Trust Traffic Steering page when you configured a Private Resource, the traffic steering rules for the resource are NOT updated when you make future edits to the Private Resource configuration page.


If you have deployed the zero trust client on iOS devices, see unique matching information in the "Guidelines and Limitations" section of the Set up the Zero Trust Access App for iOS Devices topic.



To exclude traffic from a configured Private Resource address:

  1. Navigate to Connect > End User Connectivity.
  2. Click the Zero Trust tab.
  3. For the resource to modify, click the ellipsis button at the end of the table row and choose Edit.
  4. Provide subdomains to exclude from traffic steering for Zero Trust connections.
    For example, if your domain is *, and you want to exclude traffic to and, enter hr as an exclusion, then click Add and enter
  5. Click Save.

Traffic Steering for Client-Based Connections< Using Wildcards to Configure Traffic Steering for Private Destinations > Manage Virtual Private Networks