Secure SaaS Applications with IP Allowlisting

Protect SaaS Applications by enabling Device Trust and Continuous Authorization via IP Allowlisting

  • Updated on Jul 18, 2023

This article describes features that are only available in the Banyan Enterprise edition and Banyan Unlimited edition.

Overview

Banyan Service Tunnels use WireGuard to create fast, secure tunnels utilizing state-of-the-art cryptography. A service tunnel provides network-level connectivity into private networks as well as the public internet. When you specify the Public CIDRs and/or Public Domains that comprise a SaaS application in your service tunnel configuration, traffic to that SaaS application automatically flows over the tunnel and egresses with the IP address of your Banyan Edge.

For Self-hosted Private Edge deployments, traffic to Public CIDRs and Public Domains flows through the selected Access Tier(s).

For Global Edge deployments, traffic to Public CIDRs and Public Domains flows through the Global Edge Network.

Specifying IP Allowlists

Most SaaS applications provide a security configuration that allows you to restrict connectivity to your tenant to specified IP address ranges. SaaS vendors use different terminology to refer to IP Allowlisting.

Example 1: Salesforce

In Salesforce, you can restrict access to specific IP ranges by updating the Login IP Ranges setting.

Example 2: Mongo Cloud

In Mongo Cloud, you can restrict access to specific IP ranges by updating the IP Access List setting.

In both of the examples above, access has been restricted to the fictitious IP range 1.2.3.4/32.

Banyan Edge Network IP Address

The IP addresses with which service tunnel traffic egresses your Banyan Edge Network depend on your deployment model.

For Self-hosted Private Edge deployments, traffic to Public CIDRs and Public Domains flows through the selected Access Tier(s). Your egress IPs match those of your Access Tier(s).

For Global Edge deployments, traffic to Public CIDRs and Public Domains flows through the Global Edge Network. Your Egress IPs will be those used by Banyan’s Global Edge Network and are documented here.
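A consistency check between the two lists this page pairs up, the Banyan Edge egress IPs and the SaaS tenant's allowlist, as an added example (not Banyan's code). The function name `audit_allowlist` and every address other than the page's fictitious 1.2.3.4 are constructed for illustration; substitute the egress IPs of your Access Tier(s) or Global Edge and the entries from the SaaS admin console.

```python
import ipaddress


def audit_allowlist(egress_ips, allowlist_cidrs):
    """Compare a SaaS tenant's IP allowlist with the Banyan Edge egress IPs.

    Returns a dict with three lists:
      missing   - egress IPs no allowlist entry covers (tunnel users get blocked)
      stale     - entries covering no egress IP (a path that bypasses the tunnel)
      overbroad - entries covering an egress IP plus other addresses
    """
    egress = {ipaddress.ip_address(ip) for ip in egress_ips}
    # strict=False accepts entries typed with host bits set, e.g. 1.2.3.4/24
    nets = [ipaddress.ip_network(c, strict=False) for c in allowlist_cidrs]

    missing = sorted(str(ip) for ip in egress if not any(ip in n for n in nets))
    stale, overbroad = [], []
    for net in nets:
        covered = sum(1 for ip in egress if ip in net)
        if covered == 0:
            stale.append(str(net))
        elif covered < net.num_addresses:
            overbroad.append(str(net))
    return {"missing": missing, "stale": stale, "overbroad": overbroad}


if __name__ == "__main__":
    # Constructed sample data: 1.2.3.4 is the page's fictitious egress IP,
    # the rest are documentation-range addresses.
    edge_egress = ["1.2.3.4", "203.0.113.10"]
    saas_allowlist = [
        "1.2.3.4/32",        # exact match for an egress IP
        "203.0.113.0/24",    # covers an egress IP but 255 other hosts too
        "198.51.100.7/32",   # leftover entry, e.g. an old office address
    ]
    for finding, entries in audit_allowlist(edge_egress, saas_allowlist).items():
        print(f"{finding}: {entries}")
```

Any `stale` or `overbroad` entry is a source address from which the tenant can be reached without passing through the service tunnel, so the allowlist should converge on exactly the egress IPs.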


What’s next

Once you’ve enabled IP Allowlisting for a given SaaS Application by configuring the network access setting in the SaaS application, review our article on tunneling the SaaS application traffic over a Banyan service tunnel.