Exploring the best practices for enterprise deployments
The best practices for an enterprise ZPA deployment can be divided per component. Let's start with the connectors.
App Connectors
When configuring your App Connectors as part of an enterprise deployment, you should install the App Connectors on an internal network segment, adjacent to the private applications. It is recommended that the network segment be configured with a default route to the internet.
The connector should also have access to an internal DNS server that can resolve both the application hosts and the hosts on the internet. Full application port and protocol access, including internet control message protocol (ICMP) access, should be granted to the connectors. If possible, avoid an explicit proxy on the path between the connector and the ZPA cloud. ICMP access is required for User Data Protocol (UDP) applications, which allows the round-trip time (RTT) calculations to the application host. This is...