ZTNA Options & differences for private DNS

markamind · September 5, 2022, 8:31am

Situation

I have setup a private git repo on a private compute and want to perform git operations over a Ziti network

ZTNA (Ziti Network Access) options

1. LAN Gateway using two private routers

2. Ziti Edge Tunneller

A normal setup to create a tunneller

Differences

After working through the LAN Gateway option, my understanding is that this does not use a public edge router. It is not needed because the connection is made within the fabric between the two ziti routers that connect to the host via the nic.

In contrast, the Ziti Edge Tunneller operates at the edge, which by definition needs to pass via the public edge router.

Is this correct? Am i missing anything.

The impact of this difference is seen in how the Service Edge Router Policy is configured.

TheLumberjack · September 5, 2022, 11:27am

If you have the two ziti identities in different clouds/private networks, you’ll absolutely need and use a public edge router for the private edge routers or local tunneling apps to link to.

You always need at very least, one public edge router if you’re spanning two private networks.

Topic		Replies	Views
Feedback on deployment diagram Ziti Overlay	5	388	August 26, 2022
Ziti Edge Router General Questions General Questions	46	1419	May 8, 2023
Pros and cons of using edge router to host a private DNS Ziti Overlay	6	269	June 12, 2022
Ziti router interconnect Ziti Overlay	4	142	October 31, 2023
Creating a second public edge router Ziti Overlay	29	1104	July 20, 2023

ZTNA Options & differences for private DNS

Situation

ZTNA (Ziti Network Access) options

Differences

Related Topics