Network

Is the Network module included in any bundles?

The Network module and all associated add-ons are part of the following bundles:

  • SASE
  • SASE Managed

Is the Network module enabled by default?

No. The Network module is not enabled by default, and needs to be enabled either by a Coro employee or an MSP.

Is the Network module covered under the Coro SOC 2 type 2 report?

Coro SOC 2 Type 2 compliance is at the company level, and covers all modules, including Network.

What is Zero Trust Network Access (ZTNA)?

ZTNA is a security framework that enforces identity-based, granular access control to specific organizational resources. ZTNA ensures that only authorized users and devices can access designated assets, while all other access is denied by default, enhancing overall security.

For more information, see ZTNA.

What is the difference between Zero Trust Network Access (ZTNA) and Access Control?

Access Control is a security approach that grants or restricts access to systems, networks, or applications, based on predefined rules and permissions at the entry point. After authentication, users have access to resources based on their assigned permission levels within the network.

ZTNA verifies each access request independently, regardless of the user's location or prior authentication, and grants access only to specific resources needed for the user’s role, reducing exposure to the network.

Using Access Control for general security and ZTNA for sensitive or remote access improves security and provides a more adaptable defense strategy.

How is Zero Trust Network Access (ZTNA) different from VPN?

VPN provides encrypted access to an entire network, allowing users to connect to multiple resources once authenticated. In contrast, ZTNA limits access to specific resources based on the identity of the user or device and enforces access policies for each request, ensuring more precise control over information.

Which devices are compatible with Zero Trust Network Access (ZTNA)?

ZTNA is supported on Android, iOS, macOS, and Windows devices.

What are the minimum versions of iOS and Android supported by Coro?

Coro supports devices running iOS 17 or later and Android 12 or later.

Can I use Zero Trust Network Access (ZTNA) and VPN together?

Coro's Network module requires selecting either ZTNA or VPN to secure access, as they do not work together simultaneously. However, the ZTNA connection is secured through a separate VPN.

What happens if no resource policies are configured before activating Zero Trust Network Access (ZTNA)?

ZTNA blocks all connections by default. Only resources specified in access policies will be accessible. To avoid disruption, ensure that resource policies are configured before activating ZTNA.

Is there a limit to resource instances in a group configuration?

Yes. Each policy can include up to five resource instances.

Can I create multiple virtual offices in different locations?

No. Each Coro workspace supports only one virtual office.

Can the Coro Endpoint Protection app connect if IPSec is blocked?

Yes. The Endpoint Protection app on Android devices uses OpenVPN, which relies on TLS/SSL for secure transport, not IPSec. iOS devices use WireGuard, which performs its own encryption.

This means the app can connect even in networks where IPSec traffic is blocked.

note

To enable site-to-site tunnel connections, configure the network to allow IPSec traffic.

Can the VPN, ZTNA, and SWG apply to Chromebook users?

Chromebook users can install the Android app, if Android apps are enabled.

DNS filtering is preventing authentication to our internal domain. What should I do?

Add your internal domain to the Secure Web Gateway (SWG) allowlist. For example, *.internal.company.com.

Does Coro VPN support modern web protocols like QUIC or HTTP/2?

Yes. The VPN tunnels all traffic regardless of the web protocol used, including modern protocols like QUIC and HTTP/2. As long as the site works without the VPN, it will also work through the VPN without any special configuration.

What IP address is assigned when creating a virtual office?

When an admin user creates a virtual office in the Coro console, they must select a location for that office. Coro then assigns a static IP address based on the selected location.

Available locations include:

  • Australia (Sydney)
  • Canada (Toronto)
  • France (Paris)
  • Germany (Frankfurt)
  • India (Bangalore)
  • Mexico (Mexico City)
  • Netherlands (Amsterdam)
  • Singapore
  • South Africa (Johannesburg)
  • Spain (Madrid)
  • Tokyo (Japan)
  • United Kingdom (London)
  • USA-East (New Jersey)
  • USA-Midwest (Chicago, Illinois)
  • USA-Pacific-Northwest (Seattle, Washington)
  • USA-South (Atlanta, Georgia)
  • USA-South (Miami, Florida)
  • USA-West (Los Angeles, California)
  • USA-West (Silicon Valley, California)

Does Coro offer Network Access Control (NAC) or endpoint network control?

Coro does not offer traditional NAC, but you can achieve the same goals using Coro’s Zero Trust Network Access (ZTNA). ZTNA enforces identity-based, context-aware access policies at the device level, making it a more scalable and secure alternative.

Does the Coro Endpoint Protection app force VPN use when connecting to a virtual office?

The Coro Endpoint Protection app can be configured to always keep the VPN connection on, ensuring traffic routes through the virtual office. However, users can still manually uninstall the app, which Coro cannot prevent at the device level.

Can I use DNS filtering without turning on the VPN or ZTNA?

Yes, you can add device labels just to DNS filtering. Additionally, any devices using the VPN or ZTNA automatically have DNS filtering.

What activity about DNS filtering from the Secure Web Gateway (SWG) add-on can I see in Coro?

Coro provides a DNS report that gives visibility into DNS filtering activity across your workspace. The report includes:

  • Top DNS queries and top blocked queries
  • Top allowed and blocked domains
  • Top allowed and blocked clients

This summary helps you identify usage trends, detect suspicious activity, and monitor the effectiveness of DNS-based protections. You can access the DNS report from your Coro workspace.

Why can't I find the Coro Endpoint Protection app in the iOS App Store?

The Coro Endpoint Protection app for iOS is available but Apple’s internal listing settings currently prevent it from appearing in search results. However, the direct download link is included in Control Panel > Network > Virtual Office, so users can easily access and install the app from there.

Can I configure both VPN and ZTNA in the same Coro workspace?

No. A workspace can be configured to use either VPN or ZTNA, but not both at the same time. Admin users must choose one access method based on their organization’s needs.

Where can I find my virtual office IP address in my workspace?

The virtual office IP address is located at the top of the Virtual Office section of Network.

Can I restrict Coro Endpoint Protection app installation to specific devices?

No, Coro does not support restricting which devices can download the Coro Agent. However, once the Agent is installed, admin users control which devices can access ZTNA resources using device labels.

When do changes to VPN or ZTNA configurations take effect?

It depends on the type of change:

  • Switching from VPN to ZTNA : Takes effect at the next device heartbeat.
  • Adding a device to VPN, ZTNA, or DNS filtering : Takes effect at the next device heartbeat.
  • Changing a ZTNA rule, such as updating a resource IP address : Takes effect immediately for devices already connected to ZTNA.
note

The heartbeat interval defines how frequently a device checks in with Coro to receive updates. Admin users can view or configure this setting from Control Panel > Devices > Settings.