Hey everyone! I'm dealing with a tricky situation here and I'm sure many of you have faced something similar. We have a locally hosted ERP system (I'll bet some of you can guess which one!). The vendor provides mobile apps for both iOS and Android, but the challenge is how to securely expose our ERP for access through these apps, considering they're running on personal employee devices. Unfortunately, options like VPNs or connecting to the enterprise WLAN aren't feasible for us. My first thought was to use a DNAT policy in our firewall to expose the app server, but that raises concerns about security and vulnerabilities. I've also considered solutions like ZTNA or an Entra proxy, but I'm uncertain if they can effectively bridge the gap between the mobile app and our app server without issues since it's not a custom-developed system. I would appreciate any advice or insights you can share. Thanks in advance!
1 Answer
What you're looking for could fall under a Secure Access Service Edge strategy. I'd recommend skipping the app and just using the web client instead. A cloud reverse proxy can provide the security you need without all the extra hassle. If the app is a non-negotiable, it might be worth looking into services like FortiClient ZTNA or Cloudflare WARP—they're more budget-friendly. Just a heads up, though: if your endpoints aren't managed, you could be risking compliance and audit certifications.