Offload web application traffic from EAA Cloud

When the user is connected to public IPs specified in the on-premises subnets of the Advanced settings of the identity provider (IdP), Enterprise Application Access can recognize that the user is on the network (on-net). Enterprise Application Access can offload any web application traffic directly through the internal hostname of the application. This avoids routing the web application traffic through the Enterprise Application Access Cloud. It is allowed only for access applications.

Add public IP gateways to an IdP

To allow IdP to recognize public IP gateways that users are connected to, you must add these public subnets as a list in the IdP advanced settings. This enables the IdP to classify these inbound connections as on-premises traffic.

1. Log in to Enterprise Center.

2. In the Enterprise Center navigation menu, select Application Access > Identity & Users > Identity Providers.

3. Select the IdP to open it.

4. In Settings > Advanced > On premise subnets enter an outbound web gateway IP address or subnet.
   Click Add more, to add additional subnets.

5. Click Save

6. Deploy the IdP.

Enable on-premises users to web access applications bypassing the EAA Cloud

Redirect application traffic to the internal hostname of the application for users who are on-premises subnets.

1. Log in to Enterprise Center.

2. In the Enterprise Center navigation menu, select Application Access > Applications > Applications.

3. Select the access application that you want to offload the traffic from EAA Cloud and send directly to users who are on premises.

4. In Advanced > Miscellaneous select Offload on-premise traffic.

5. Click Save and Deploy.