SIPA App Connector Best Practices

Hi there,
Just wondering what the zscaler approach is to using App Connectors for on-presmises applications through ZPA and using App connectors for SIPA.

I understand both require an app connector, can the app connectors used to access your internal be used for SIPA aswell, or do you usually deploy seperate app connectors just for SIPA?

Are there any best practices anywhere for this?


An App Connector can be used for both, simultaneously. However, there might be reasons to keep these functions separate:

  • To avoid too much latency between ZIA and the App Connector it makes sense to run it in the cloud (AWS/Azure/…). If you don’t have an App Connector set up there, creating a dedicated one would be the best option
  • Many customers don’t like mixing their true internal traffic with public traffic as it could make threat detection, troubleshooting and forensics more complex
  • In a similar fashion, keeping these functions separate ensures there won’t be a conflict with capacity between public and private flows