I am trying to understand how ZPA works at the network level. From what I can gather, ZPA Client connector app sets up a tunnel to ZPA Service Edge node (either public or hosted in an enterprise DC) and an inside out tunnel is setup from the App connector to the ZPA Service Edge. These two tunnels are stitched together for the end to end connectivity. Are these two tunnels IPSec ?
Is IPSec a requirement or TLS can be used ? I also see some questions in the forum about using GRE tunnels. When is GRE recommended ? Trying to wrap my head around what kind of tunnel options ZPA supports and the pros/cons.