ZTNA Options & differences for private DNS


I have setup a private git repo on a private compute and want to perform git operations over a Ziti network

ZTNA (Ziti Network Access) options

1. LAN Gateway using two private routers

2. Ziti Edge Tunneller

A normal setup to create a tunneller


After working through the LAN Gateway option, my understanding is that this does not use a public edge router. It is not needed because the connection is made within the fabric between the two ziti routers that connect to the host via the nic.

In contrast, the Ziti Edge Tunneller operates at the edge, which by definition needs to pass via the public edge router.

Is this correct? Am i missing anything.

The impact of this difference is seen in how the Service Edge Router Policy is configured.

If you have the two ziti identities in different clouds/private networks, you’ll absolutely need and use a public edge router for the private edge routers or local tunneling apps to link to.

You always need at very least, one public edge router if you’re spanning two private networks.

1 Like