You must log in or register to comment.
I think needing a VPN to access the internal network is a good practice. And if you’re going to be used a VPN anyway, I don’t see why you wouldn’t use a “fake” TLD like .lan for internal stuff, after all it’s just simple DNS rules.
VPN is inherently not zero trust. You really should be moving to ZTN based tools