ZAPP Connector on AWS Transit Gateway

Hello Team,

We want to deploy App Connectors on AWS to reach AWS resources/workloads.

We have 30+ AWS accounts, with no VPC peering enabled between the accounts.
I have read about deploying App Connectors on Transit Gateways.
But how should the connectivity be made, and how can all the applications be made reachable?
Must the connector be placed on the Transit Gateway or near the load balancer?
Can you please give some input on this?


The App Connector needs access to the apps or resources you’d like it to provide to users (internal), so place it in the environment where it can reach all of your assets. It’s best to ensure there are no FWs in between the App Connector and the app or resource unless you are willing to maintain those rules. Also, the App Connector just needs outbound 443 in order to reach the ZPA cloud. I typically suggest placing the App Connector where it has the most access to what your ZPA users need (apps, servers, resources). That will be a bigger challenge than enabling outbound 443 access for the App Connector.

