Tunnel-type 2.0 client-access application
Multiple destination definitions can be combined into a single tunnel-type client-access application, providing ease of maintenance and making it less error-prone for administrators.
An enterprise organization may have end users accessing different types of applications on their laptops. With tunnel 2.0, the EAA IT administrator can configure a single tunnel-type client-access application and add many client applications to it. This saves the administrator the time of configuring an individual TCP-type client-access application for each client application, or an individual tunnel-type client-access application for each domain. It also reduces operational cost, because the application-pooled tunnel-type client-access application can be used to access print servers on private IP addresses as well as domain-based applications (those with an FQDN), using TCP, UDP, or both protocols, on specific ports or port ranges. This makes the application-pooled tunnel-type client-access application very flexible.
Each tunnel 2.0 client application allows these parameters in each destination:
- Different traffic protocols. TCP, UDP, or both types.
- Domain names, host names or FQDN. Specific domains or wildcard domains.
- IP addresses. Specific IPv4 addresses, with or without subnets.
- Ports. Specify ports, port-ranges or both.
You can also have multiple destination definitions in a single tunnel-type client-access application for ease of maintenance.
For example, in the tunnel-type client-access application, you can have these five types of applications located at different destinations. EAA Cloud (MPOP) allows only these types of traffic through to the connector, to be re-routed to the data center. Any other type of traffic is blocked in the EAA Cloud.
Destination 1. Allows TCP traffic on port 1024 for benefits.com and the subdomains below it. *.benefits.com is a wildcard application, since it allows all subdomains under the specific domain benefits.com.
Destination 2. Allows TCP traffic on port 80 for abc.com and no other subdomains below it.
Destination 3. Allows TCP traffic to IP address 192.168.1.0 with subnet /24 (CIDR notation) on port 80.
Destination 4. Allows UDP traffic to IP address 184.108.40.206 on port range 1024-2048.
Destination 5. Allows both TCP and UDP traffic for yourcompany.com and its subdomains, on all port ranges. This is a wildcard application, since it allows all types of traffic, on all ports, for all subdomains under the specific domain yourcompany.com.
End users of the organization might be accessing destination 1 for benefits, destination 2 for getting news, destination 3 for a print server, destination 4 for a mail server, and destination 5 for all websites hosted under yourcompany.com.
With this single tunnel-type client-access application configuration, EAA Cloud will not block the traffic when all these conditions are satisfied. End users can securely access the five applications on the different application servers in the data centers.
You can still block some of the subdomains of a wildcard application by using domain exception lists in the advanced settings of the application configuration.
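The five destinations and the domain exception list can be modelled as a small allow-list evaluator to check, before rollout, which flows a pooled definition would admit. This is an added example, not Akamai's implementation: the field names, the matching logic (read from the descriptions above) and the exception entry hr.yourcompany.com are assumptions.

```python
import ipaddress

# The five destinations from the text, modelled as data (field names are assumptions).
# ports: inclusive (low, high) ranges; "all port ranges" is modelled as 1-65535.
DESTINATIONS = [
    {"protocols": {"tcp"}, "domain": "*.benefits.com", "ports": [(1024, 1024)]},
    {"protocols": {"tcp"}, "domain": "abc.com", "ports": [(80, 80)]},
    {"protocols": {"tcp"}, "cidr": "192.168.1.0/24", "ports": [(80, 80)]},
    {"protocols": {"udp"}, "cidr": "184.108.40.206/32", "ports": [(1024, 2048)]},
    {"protocols": {"tcp", "udp"}, "domain": "*.yourcompany.com", "ports": [(1, 65535)]},
]
# Constructed exception entry; the page names the feature but lists no values.
DOMAIN_EXCEPTIONS = {"hr.yourcompany.com"}


def _host_matches(dest, host):
    """Match a requested host against one destination's domain or CIDR."""
    host = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if "cidr" in dest:
        return addr is not None and addr in ipaddress.ip_network(dest["cidr"])
    if addr is not None:
        return False  # an IP literal never matches a domain destination
    pattern = dest["domain"]
    if pattern.startswith("*."):
        base = pattern[2:]
        # Per the text, the wildcard covers the domain and all subdomains below it.
        # The leading dot stops look-alikes such as "evilbenefits.com".
        return host == base or host.endswith("." + base)
    return host == pattern  # exact domain, no subdomains


def is_allowed(protocol, host, port):
    """True if the flow matches some destination and is not an exception."""
    if host.lower().rstrip(".") in DOMAIN_EXCEPTIONS:
        return False
    return any(
        protocol.lower() in d["protocols"]
        and _host_matches(d, host)
        and any(lo <= port <= hi for lo, hi in d["ports"])
        for d in DESTINATIONS
    )
```

Running candidate flows through `is_allowed` shows how much a wildcard destination such as Destination 5 opens up compared with the exact-match and CIDR entries, which is the place to review exception lists.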
To take advantage of the application pooling capability in tunnel-type 2.0 client-access applications, upgrading to EAA Client version 2.0.0 is recommended.