About Network Applications

Abstract

A Network Application identifies a service that is reachable from a connected private network with a domain name. It can restrict access to only specific application protocols authorized to be used with that service. Applications serve as routes to the connected network and can be used in Access Groups to control who can access that Application.

The domain name associated with the Network Application can represent a private application or an internet application accessible via the connected private network. A private application requires a DNS mapping from the application's domain name to its private IP address: either add a DNS Record to CloudConnexa or, if a private DNS server is being used, make the DNS entry there. For internet application domain names, there is no need to add a DNS record.

While a network can use Network Applications and IP subnets as Routes, it is recommended to use only Network Applications whenever possible instead of IP subnet Routes because with Applications, you can:

  • Hide the routes to your private networks, even from clients connected to CloudConnexa.

  • Hide the IP address of the actual application server because the client receives an intermediary IP address from the WPC domain routing range.

  • Reduce the possibility of lateral movement because private network routes are not exposed.

  • Enforce least privilege policies and use zero trust principles, as all Applications need to be identified.

There are more advantages to using Network Applications as routes. Refer to About Application Domain-based Routing.

Note

For a Network that is not acting as an Internet Gateway, either an Application or a Route and IP Service must be added.

Consider this example of a Network Application for a private application and a public application:

You want to connect a private network to CloudConnexa for all remote users to access a private web server running on 192.168.1.25, but allow only the Sales department to access Salesforce. You represent the private network by configuring a Network and connecting it to CloudConnexa by using Network Connectors. You then add an Application named webapp, allow only HTTPS, and give it the domain name web.server.local. You then add another Application named Salesforce, allow only HTTPS, and give it the domain name salesforce.com. After adding a DNS Record mapping web.server.local to 192.168.1.25, you configure an Access Group allowing access to Salesforce and webapp to the User Group that has all the IT department members as its Users and another one to provide access to webapp for all other User Groups.

With the above configuration, all users can access web.server.local, using HTTPS only, while web traffic to Salesforce for the Sales department enters CloudConnexa and exits out of the connected private network on its way to salesforce.com servers.
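The access decisions this configuration is meant to produce can be checked with a small default-deny model. This is an added example, not CloudConnexa code or its API: the data layout, the exact-match domain rule, the `private` flag and the user group names (taken from the stated goal that only Sales reaches Salesforce) are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Application:
    name: str
    domain: str
    protocols: frozenset  # application protocols authorized for this service
    private: bool         # True: domain must map to a private IP via a DNS Record

# Constructed from the example on this page; group names are assumptions.
APPS = [
    Application("webapp", "web.server.local", frozenset({"HTTPS"}), private=True),
    Application("Salesforce", "salesforce.com", frozenset({"HTTPS"}), private=False),
]
DNS_RECORDS = {"web.server.local": "192.168.1.25"}
ACCESS_GROUPS = [
    {"user_groups": {"Sales"}, "apps": {"webapp", "Salesforce"}},
    {"user_groups": {"Engineering", "Finance"}, "apps": {"webapp"}},
]

def missing_dns_records(apps, dns_records):
    """Names of private Applications whose domain has no DNS Record."""
    return [a.name for a in apps if a.private and a.domain not in dns_records]

def is_allowed(user_group, destination, protocol):
    """Default deny: the destination and protocol must match an Application,
    and an Access Group must grant that Application to the user's group."""
    for app in APPS:
        if app.domain == destination and protocol in app.protocols:
            return any(user_group in g["user_groups"] and app.name in g["apps"]
                       for g in ACCESS_GROUPS)
    return False  # no Application matches, so no route is offered

if __name__ == "__main__":
    requests = [
        ("Sales", "salesforce.com", "HTTPS"),
        ("Finance", "salesforce.com", "HTTPS"),
        ("Finance", "web.server.local", "HTTPS"),
        ("Finance", "web.server.local", "SSH"),
        # No subnet Route is configured, so the raw IP matches no Application.
        ("Sales", "192.168.1.25", "HTTPS"),
    ]
    for req in requests:
        print(req, "ALLOW" if is_allowed(*req) else "DENY")
    print("Private apps missing a DNS Record:",
          missing_dns_records(APPS, DNS_RECORDS))
```

The last request shows why Applications are preferred over IP subnet Routes: with no subnet exposed, a client that knows the server's address still has no route to it.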