Todyl Platform Update: SASE Static IPs and SGN Routing Policies

Samir Jain
April 22, 2024

We’re proud to present Todyl’s newest module update: SASE Static IPs and SGN Routing Policies. With Static IPs, you can now reserve dedicated IP addresses within Todyl SASE for traffic exiting our global Points of Presence (PoPs). The routing policies' additional flexibility allows you to make your own Secure Global Network (SGN) with Todyl as the backbone.

Why Static IPs?

In many cases, traditional firewalls and other network resources require source IP addresses or ranges to restrict access. Generally, all SASE traffic exiting a PoP uses a shared IP range. These ranges serve many end users, including remote ones, allowing firewall restrictions to Todyl but not a specific account or tenant. SASE Static IPs now allow administrators to allocate reserved IP addresses at the tenant level, enabling access control policies at a granular level within Todyl.

How Static IPs work

Start by reserving a Static IP within one of our PoPs, controlling the region and geolocation of traffic exiting SASE. SGN Routing Policies then give you powerful control over which users, devices, groups, and traffic will egress from a reserved Static IP. Adding multiple Static IPs from multiple regions enables redundancy while optimizing latency.

Additionally, Static IPs may be applied atop your existing SASE configurations. There’s no need to rework your network layouts or traffic patterns; just allocate your Static IPs to promote greater security.  

Using Static IPs

With Static IPs, you can achieve several key business outcomes. Here are a few that our customers experienced with the new implementation:

  • Locking down access to critical on-prem resources: Create policies based on users and groups to control who can interact with on-prem servers and infrastructure, a key component of many compliance regulations like PCI DSS, HIPAA, and CMMC.
  • Creating conditional SaaS app access: Secure connections to SaaS apps including Salesforce, Workspace, and other solutions based on user, device, and location.
  • Introducing location-aware access policies: Lock down resource access by geo and location, preventing unauthorized access from non-office workers, impossible travel, securing contractors, and more.
  • Establishing low-latency connections to specified resources: Reserve Static IPs near offices, 3rd party resources, datacenters, and other high traffic destinations, leveraging the SGN private backbone for low latency transport around the globe regardless of where users are located.
  • Enabling remote connections to gated resources globally: Limit resource access for contractors and other staff by requiring devices to be connected from a certain location to egress via the Static IP to reduce insider risk.  

Getting started with Static IPs

Static IPs are currently available from our Atlanta, Chicago, Dallas, Denver, Los Angeles, Miami, New York, San Jose, Seattle, Washington, and London PoPs. To begin using Static IPs within Todyl SASE, you can allocate them via the “Static IP & SGN Routing" tab. You will be charged for each Static IP provisioned, but since they are specific to the tenant that uses them, those costs will only affect that tenant.

Learn more about SASE Static IPs and SGN Routing Policies here.

Stay up to date

Subscribe to receive the latest insights, news, and updates from Todyl.

Additional reading

Threat breakdown: Remote access and credential dumping
5 key elements of effective MDR providers: Beyond just detection and response
Streamlining zero trust security with JumpCloud and Todyl

Todyl updates

Sign-up to get the latest from Todyl sent straight to your inbox.