Tunnel-type client-access applications created before 2025 used a limited set of Akamai Cloud Zones to route Zero Trust Network Access (ZTNA) traffic to the application. This approach often resulted in sub-optimal paths for remote users, potentially affecting application performance.

Akamai has now enhanced support for tunnel applications by enabling traffic to be routed through its planetary-scale Intelligent Edge network. With its broader global distribution and superior scale, the Akamai Edge network allows for more efficient application access paths. This leads to reduced latency and improved performance for end users.

By converting existing tunnel applications to Hybrid Tunnel applications, organizations can automatically leverage the Akamai Edge when available, falling back to Cloud Zones only when needed.

The converted tunnel application is referred to as a “Hybrid” Tunnel application since it supports both transport mechanisms over the Akamai Cloud Zone and the Akamai Intelligent Edge server.

When the Guardicore Platform Agent (GPA) client can successfully communicate with the Akamai Intelligent Edge network, it is used as the primary path. If communication with the Akamai Intelligent Edge fails, the GPA client automatically falls back to using Akamai Cloud Zones.

Prerequisites

1. You must contact Akamai Support to enable this feature for your contract.
2. You must be using Guardicore Platform Agent 7.1 (GPA) for this feature.
3. You must use a Unified Connector. If you are using a legacy connector, you can migrate to a unified connector.

Conversion to Hybrid Tunnel Application

Follow this procedure to convert your tunnel-type client-access application to hybrid tunnel application:

1. Log in to Enterprise Center.

2. In the Enterprise Center navigation menu, select Application Access > Applications > Applications.

3. On the Applications list page, select the tunnel application that you wish to convert to hybrid mode.

4. In the Settings tab of Application, go to the App Settings section.

5. Set Use Akamai Intelligent Edge to Enabled. This enables the tunnel application to operate in hybrid mode. When enabled, the Akamai Intelligent Edge network is used when available. Otherwise, the Akamai Cloud Zone is used. When disabled, the tunnel application only uses the Akamai Cloud Zone.

6. You will see a message indicating that TCP optimization must be enabled. Click Yes.

7. Go to the Connectivity, Authentication, and Access section.

8. Click Connectors.

9. You must see the Unified Connector that you migrated. See Unified Connector Migration for details on the migration.

Note: You should not be using Connector Pools.

You’re setting would look similar to this configuration:

10. Click Save and Deploy, to save and deploy the changes.
11. After the conversion, the Application Type changes to Type: Hybrid Tunnel App in the Application summary section on the right.

Limitations

Hybrid Application only works when directly associated with a Unified Connector. It does not work when you associate with a Connector Pool.