Hey, CEO of Twingate here. There are some similarities but we view ourselves as much lighter weight and flexible than ZS. A few ways we're different:
- We eliminate the performance penalty of routing all your traffic through their cloud. We do almost all our routing decisions and authorization checks on-device to minimize performance hits.
- Our service is protocol agnostic, so things like SSH, RDP, etc work out of the box (no special SSH proxies, SSH settings, etc).
- We also let you try it out for free and our pricing is transparent :)
That said, we're big fans of ZS and think they are doing the world a huge favor by getting folks off traditional VPN :)
Hey, CEO of Twingate here. Splitting traffic off the device is just one element of the product - we provide significantly more controls than a typical "split tunnel VPN." You can set up the traffic segregation to go to any arbitrary number of destinations which can be in one cloud VPC, VPCs across multiple clouds, on-prem, routed via a VPC-egress for IP-based restrictions, or classic bypass which just exits the device normally. The segregation happens automatically without the user having to manual switch network profiles to access different environments. Our app just sits in the background and your traffic gets to where it needs to go.
You can also apply granular controls over how each connection is routed based on security and access policies. These policies are tied to your identity (via your IDP - Okta, Gsuite, etc) for easy user mgmt. You're essentially able to setup identity-based access controls on any destination address whether it's a web app, database, ssh server, etc. Very flexible by design and we get a ton of folks in devops & infra using it.
On the network side, we also eliminate the need for a public VPN gateway so there's no public attack surface on your private network/resources. Our connectors sit behind your firewall and are deployed as an overlay to your existing network topology so you don't have to reconfigure all your existing segmentation.
Sum it all up and it's much more powerful than just a split-tunnel VPN. Check it out for yourself at www.twingate.com - it's free to get started :)
>By routing all traffic through one destination, VPNs not only add latency to your internet experience, they also transmit all of your non-work traffic through your corporate servers as well.
No properly set up corp vpn would push a default route.
It's common to push a default route in highly regulated industries to ensure all activity can be logged (since it's often required by law or contracts)
Ehh maybe, we're regulated and the vpn gw is considered the "network boundary", things past it aren't our problem -- all our compliance is just within our network. Otherwise we'd need to manage endpoints to have an always-on-VPN-enforced sorta thing.. which means it's an in-scope device and personal traffic wouldn't be allowed on it anyway, rendering the entire premise moot.
Hey CEO of Twingate here, not sure if this is your point, but the reality is that with remote work, most folks have to leave their VPN on to access their work. If their VPN is on, all their traffic is going to your corp network - zoom calls, youtube, netflix, etc. Of course, users can manually turn it on/off but a huge pain if you're having to constantly babysit it when WFH.
This is not always the case, split-tunneling is a standard config option. I setup my clients this way most of the time. Only, corporate assets get the client and they are checked for a/v and firewall on connection.
I think you're misinformed about how most corp VPNs work. Usually a default route is not pushed -- only corp resource routes are. So traffic for corp resources goes over the VPN, while all other traffic goes out the default gateway (your connection) as usual. This is nothing fancy, it's how routing tables on every IP device ever have always worked.
15 comments
[ 3.4 ms ] story [ 45.7 ms ] threadThat said, we're big fans of ZS and think they are doing the world a huge favor by getting folks off traditional VPN :)
(see my answer above)
You can also apply granular controls over how each connection is routed based on security and access policies. These policies are tied to your identity (via your IDP - Okta, Gsuite, etc) for easy user mgmt. You're essentially able to setup identity-based access controls on any destination address whether it's a web app, database, ssh server, etc. Very flexible by design and we get a ton of folks in devops & infra using it.
On the network side, we also eliminate the need for a public VPN gateway so there's no public attack surface on your private network/resources. Our connectors sit behind your firewall and are deployed as an overlay to your existing network topology so you don't have to reconfigure all your existing segmentation.
Sum it all up and it's much more powerful than just a split-tunnel VPN. Check it out for yourself at www.twingate.com - it's free to get started :)
No properly set up corp vpn would push a default route.