Comparison of the TCP-type and tunnel-type client-access applications

Here is a comparison of the two types of client-access application supported by the EAA Client.

Comparison of TCP-type and tunnel-type client-access applications
TCP-type client-access application Tunnel-type client-access application
Protocols TCP only TCP, UDP
Origin load-balancing Optional Does not provide any cloud termination so there is no way to do load-balancing regardless of the protocol
Scalability Created for each application (perApp) Created for a domain (perDomain)
Internal Hostname Exact hostname only

Single application

  • Exact hostname: app.example.com
  • Wildcard hostname: *.apps.example.com
  • Domain exception list support
  • Customize traffic type (tcp, udp, both)
  • Customize domain name (wildcard or exact hostname) or IP address (including CIDR notation for subnets)
  • Port (port range, specific port, comma separated list of both)
  • Allows pooling of many hostname destinations into a single tunnel-type client-access application for enterprises providing ease of maintenance for administrators.
Ports Single port Multiple ports
Port mapping Allowed Not allowed
Access Control List Deny access by:
  • Identity: Group, User
  • Network: Client IP, Country
Deny access by:
  • Identity: Group, User
  • Network: Client IP, Country
  • App: Port, Protocol