topic Re: Better solution for remote access in General Topics

Better solution for remote access

W.Granada — Mon, 13 Oct 2025 16:36:45 GMT

Good day all,

I wasn't sure which group to post this on exactly so I figure try general topics first and then perhaps the conversation will lead me to the correct place where I can get more insight on this. What I am trying to do is I wanted to see if there is a better want to provide remote users access. Right now I am using VPN tunnels/GRE tunnels. In the beginning(covid days) this seem to be good enough but now a days I am getting more complaints about latency and the back and forth between us and the different home users ISPs about connectivity issues and latency. I work for a trading firm so latency and more reliable and stable connectivity for our remote traders is what I am trying to fix. I started reading about PA ZTNA and was wondering if anyone had any comments about this? I am looking in the right place or is there a better alternative?

Thank you in advance!!!

Warren

Re: Better solution for remote access

kiwi — Tue, 14 Oct 2025 08:08:30 GMT

Hi @W.Granada ,

Classic VPN models are often setup in an all-or-nothing configuration (they don't have to be but are often setup as such) sending all traffic back through the corporate network This backhauling can add significant latency.

Your instincts are correct. ZTNA is an alternative to explore.

It operates on the principle of "never trust, always verify." No user or device is trusted by default, regardless of their location. Every access request is verified based on factors like user identity, device posture (is it up-to-date with security patches?), and context. Its model enforces the principle of least privilege. So instead of granting network access, ZTNA provides highly granular, application-specific access. A remote trader would only be granted access to the specific trading platform and data resources they need for a single session. This significantly reduces the attack surface and minimizes the risk of lateral movement if a device is compromised.

ZTNA is often a cloud-based service, which can improve performance. It establishes secure, direct, one-to-one connections between the user and the specific application, bypassing the need to backhaul all traffic through a central data center. This "split-tunneling" approach can lead to lower latency and a better user experience. ZTNA can be more seamless for users. It works transparently in the background, without requiring the user to manually connect to a VPN client.

An alternative solution for trading can be to use VPS (Virtual Private Server). Your remote traders would connect to a high-performance VPS, which is typically located in a data center with ultra-low latency connectivity. This bypasses the latency and connectivity issues of the home user's ISP. The connection between the VPS and the trading exchange is optimized for speed. It also ensures 24/7 uptime for automated strategies, regardless of the home user's internet connectivity. That said, it's a different operational model and might not be the right fit if your traders need to access other internal applications directly from their home computers.

Sources:

https://docs.paloaltonetworks.com/best-practices/zero-trust-best-practices

https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-ztna

https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-2-0

Hope this helps,

Kim.

Re: Better solution for remote access

W.Granada — Tue, 14 Oct 2025 18:37:49 GMT

Hi Kiwi,

Interesting yes this sounds something that I need to dig deeper into but thank you for the information and links!!! I will check them out and reach out to Palo as we already do business with them.

Thank you for the info!!!

Warren