Cloudflare ZTNA thoughts?
Posted by chum-guzzling-shark@reddit | sysadmin | 5 comments
I'm using Cloudflare ZTNA for my home lab and I love it for the most part. I was going to start testing it at work but I found out all your traffic is decrypted on Cloudflare's servers. This made me nervous to test without an agreement in place.
I'm thinking of using this as a VPN replacement. Is anyone using it day to day and what are your thoughts?
bjc1960@reddit
We use Entra Private Access, works for us for what we do.
ZAFJB@reddit
Global Secure Access Client is great. Only allows access from domain/Entra joined machines.
bjc1960@reddit
That is what we have. We are Entra only.
SevaraB@reddit
All vendor-run ZTNA is going to do that, though. For the most part, ZTNA is just vendor-run NAC, and ZTAA is just reverse proxies with good policy baselines and short re-auth intervals.
Remember, “zero trust” is just the flip side of public cloud: it isn’t doing anything you can’t do yourself; you’re just subscribing to save yourself the time and money of building it from scratch.
raip@reddit
I can't speak to Cloudflare - we didn't go with that solution, but Zscaler offers double encryption.