Network

Is the Network module included in any bundles?

The Network module is part of the Coro AI Complete bundle.

Is the Network module enabled by default?

No. The Network module is not enabled by default, and needs to be enabled by an admin user.

Is the Network module covered under the Coro SOC 2 type 2 report?

Coro SOC 2 Type 2 compliance is at the company level, and covers all modules, including Network.

What is Zero Trust Network Access (ZTNA)?

ZTNA is a security framework that enforces identity-based, granular access control to specific organizational resources. ZTNA ensures that only authorized users and devices can access designated assets, while all other access is denied by default, enhancing overall security.

For more information, see ZTNA.

What is the difference between Zero Trust Network Access (ZTNA) and Access Control?

Access Control is a security approach that grants or restricts access to systems, networks, or applications, based on predefined rules and permissions at the entry point. After authentication, users have access to resources based on their assigned permission levels within the network.

ZTNA verifies each access request independently, regardless of the user's location or prior authentication, and grants access only to specific resources needed for the user’s role, reducing exposure to the network.

Using Access Control for general security and ZTNA for sensitive or remote access improves security and provides a more adaptable defense strategy.

How is Zero Trust Network Access (ZTNA) different from VPN?

VPN provides encrypted access to an entire network, allowing users to connect to multiple resources after they are authenticated. In contrast, ZTNA limits access to specific resources based on the identity of the user or device and enforces access policies for each request, ensuring more precise control over information.

Which devices are compatible with Zero Trust Network Access (ZTNA)?

ZTNA is supported on Android, iOS, macOS, and Windows devices.

What are the minimum versions of iOS and Android supported by the Coro Endpoint Protection app?

The Coro Endpoint Protection app supports devices running Android 12 or later and iOS 17 or later.

Can I use Zero Trust Network Access (ZTNA) and VPN together?

Coro's Network module requires selecting either ZTNA or VPN to secure access, as they do not work together simultaneously. However, the ZTNA connection is secured through a separate VPN.

What happens if no resource policies are configured before activating Zero Trust Network Access (ZTNA)?

ZTNA blocks all connections by default. Only resources specified in access policies will be accessible. To avoid disruption, ensure that resource policies are configured before activating ZTNA.

Is there a limit to resource instances in a group configuration?

Yes. Each policy can include up to five resource instances.

Can I create multiple virtual offices in different locations?

No. Each Coro workspace supports only one virtual office, which applies to both Network and Secure Web Gateway (SWG).

Can the Coro Endpoint Protection app connect if IPSec is blocked?

Yes. The Endpoint Protection app on Android devices uses OpenVPN, which relies on TLS/SSL for secure transport, not IPSec. iOS devices use WireGuard, which performs its own encryption.

This means the app can connect even in networks where IPSec traffic is blocked.

note

To enable site-to-site tunnel connections, configure the network to allow IPSec traffic.

Can the VPN and ZTNA apply to Chromebook users?

Chromebook users can install the Android app, if Android apps are enabled.

Does Coro VPN support modern web protocols like QUIC or HTTP/2?

Yes. The VPN tunnels all traffic regardless of the web protocol used, including modern protocols like QUIC and HTTP/2. As long as the site works without the VPN, it will also work through the VPN without any special configuration.

What IP address is assigned when creating a virtual office?

When an admin user creates a virtual office in the Coro console, they must select a region or location for that office. Coro then assigns a static IP address based on the selected region.

Available regions include:

  • Australia (Sydney)
  • Brazil (Sao Paulo)
  • Canada (Toronto)
  • France (Paris)
  • Germany (Frankfurt)
  • India (Bangalore)
  • Israel (Tel Aviv-Yafo)
  • Mexico (Mexico City)
  • Netherlands (Amsterdam)
  • Singapore
  • South Africa (Johannesburg)
  • Spain (Madrid)
  • Tokyo (Japan)
  • United Kingdom (London)
  • United Kingdom (Manchester)
  • USA-East (New Jersey)
  • USA-Midwest (Chicago, Illinois)
  • USA-Pacific-Northwest (Seattle, Washington)
  • USA-South (Atlanta, Georgia)
  • USA-South (Miami, Florida)
  • USA-West (Los Angeles, California)
  • USA-West (Silicon Valley, California)

Does Coro offer Network Access Control (NAC) or endpoint network control?

Coro does not offer traditional NAC, but you can achieve the same goals using Coro’s Zero Trust Network Access (ZTNA). ZTNA enforces identity-based, context-aware access policies at the device level, making it a more scalable and secure alternative.

Does the Coro Endpoint Protection app force VPN, ZTNA, or DNS filtering use?

The Coro Endpoint Protection app can be configured to always keep the VPN, ZTNA, or DNS filtering on. However, users can still manually uninstall the app, which Coro cannot prevent at the device level.

Can I use DNS filtering without turning on the VPN or ZTNA?

Yes. The Secure Web Gateway (SWG) and Network modules work independently.

Why can't I find the Coro Endpoint Protection app in the iOS App Store?

The Coro Endpoint Protection app for iOS is available but Apple’s internal listing settings currently prevent it from appearing in search results. However, the direct download link is included in Control Panel > Network > Virtual Office, so users can easily access and install the app from there.

Can I configure both VPN and ZTNA in the same Coro workspace?

No. A workspace can be configured to use either VPN or ZTNA, but not both at the same time. Admin users must choose one access method based on their organization’s needs.

Where can I find my virtual office IP address in my workspace?

The virtual office IP address is located at the top of the Virtual Office section of Network.

Can I restrict Coro Endpoint Protection app installation to specific devices?

No, Coro does not support restricting which devices can download the Coro Agent. However, after the Agent is installed, admin users control which devices can access the VPN or ZTNA resources using device labels.

When do changes to VPN or ZTNA configurations take effect?

It depends on the type of change:

  • Switching from VPN to ZTNA : Takes effect at the next device heartbeat.
  • Adding a device to VPN, ZTNA, or DNS filtering : Takes effect at the next device heartbeat.
  • Changing a ZTNA rule, such as updating a resource IP address : Takes effect immediately for devices already connected to ZTNA.
note

The heartbeat interval defines how frequently a device checks in with Coro to receive updates. Admin users can view or configure this setting from Control Panel > Devices > Settings.

Does ZTNA support access control for SaaS applications like Salesforce?

Yes, if the SaaS application supports IP-based conditional access, enter the Coro Network public IP address in the application's allowlist. Then enable access for specific device labels in ZTNA. Only devices with those labels can access the application using Coro's public IP address.

How does MFA work?

Multi-factor authentication (MFA) adds an extra layer of security by requiring protected users to enter a one-time code from an authenticator app before connecting through the VPN or Zero Trust Network Access (ZTNA).

For more information, see MFA.