Is It Possible to Do Full Internet Access via Safous?

Safous ZTNA Service can allow ZTNA users to send all of their internet traffic through the App Gateway. This relies on the Safous agent installed on the end user's client computer and on a network application created in the Admin Portal.

There may be times when a customer wants to monitor or audit users' internet traffic by creating this kind of "tunnel" application. Please note that once you create this type of application and grant users access to it in a policy, they will have access to the entire internet via the App Gateway, but you will not be able to create any website exception that excludes users from certain sites.

If you are aware of the limitations of this "tunnel" application, you can proceed to create it. You need an admin user to configure your environment, including adding applications; please check the KB articles below about Admin access:

Once you have confirmed that you have the appropriate user and access to the Safous Admin Portal, create the application by following these steps:


  1. Log in to
  2. Go to the Settings tab > ZTNA
  3. In Application, choose Networks
  4. Click New Network; this expands a form with several fields to fill in for the new network

    1. Fill in Name, which is a required field and must be unique among applications
    2. Fill in the CIDR information, one entry per line, with and, which represents the entire spectrum of all websites on the internet
    3. Selecting a Site is optional, as you can leave it set to "all", but for a multisite deployment it is recommended to choose the specific site based on which App Gateway the traffic will be "tunneled" through
    4. For TCP Ports, you can leave the value as it is unless you want to limit the ports that users can use for internet access
    5. As with TCP Ports, you can leave UDP Ports as it is unless you want to limit the ports that users can use for internet access
  5. Once every field has been filled in and selected, the only thing left to do is click "Save"
  6. A success notification will then appear
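
To confirm that the CIDR lines entered in step 4.2 leave no destination outside the tunnel (and therefore outside monitoring), the following added example, which is not Safous code, reports any IPv4 ranges a list does not cover. The sample CIDR lists are constructed for illustration and are not the values from this article, and the function names are hypothetical.

```python
import ipaddress

ALL_IPV4 = ipaddress.ip_network("0.0.0.0/0")

def parse_cidr_lines(text):
    """Parse one CIDR per line, as in the Network form; reject host bits."""
    nets = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return nets

def uncovered_ipv4(nets):
    """Return the IPv4 ranges NOT covered by nets (empty list = full coverage)."""
    remaining = [ALL_IPV4]
    for net in nets:
        if net.version != 4:
            continue  # assumption: this check covers IPv4 only
        still_open = []
        for gap in remaining:
            if not gap.overlaps(net):
                still_open.append(gap)          # untouched by this entry
            elif gap.subnet_of(net):
                continue                        # fully covered by this entry
            else:
                # Overlapping CIDR blocks always nest, so net lies inside gap.
                still_open.extend(gap.address_exclude(net))
        remaining = still_open
    return sorted(ipaddress.collapse_addresses(remaining))

# Constructed sample inputs (not the CIDR values from the article).
COMPLETE = "0.0.0.0/2\n64.0.0.0/2\n128.0.0.0/2\n192.0.0.0/2"
WITH_GAP = "0.0.0.0/2\n64.0.0.0/2\n192.0.0.0/2"

if __name__ == "__main__":
    for label, text in (("complete", COMPLETE), ("with gap", WITH_GAP)):
        gaps = uncovered_ipv4(parse_cidr_lines(text))
        if gaps:
            print(f"{label}: not tunneled -> {', '.join(map(str, gaps))}")
        else:
            print(f"{label}: full IPv4 coverage")
```

Any range it reports is address space that would not match the network application and so would not pass through the App Gateway.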



Next is the verification step. To use the "tunnel" application, ensure the following:

  • A user has already been created by the admin; please refer to here
  • The user has already enrolled in MFA and can log in properly; please refer to here
  • The admin has already created a policy mapping for app and user authorization; refer to here
  • You have your favorite web browser available to open the User Portal

Once you log in, click "Download Agent".

Once clicked, a pop-up shows the agent options available for download. For general information about the agent, please check here

Once the agent has connected to your ZTNA environment, you can verify whether your internet access is "tunneled" through the App Gateway by accessing or other public website that can detect your public IP, and comparing the result with the source IP used by the App Gateway.