What is Pangolin

Pangolin is a modern Zero Trust Network Access (ZTNA) platform designed to replace legacy VPNs by providing granular, identity-aware access to infrastructure, self-hosted applications, and SaaS tools. Unlike traditional VPNs that grant broad network-level access, Pangolin enforces application-level security, ensuring users only reach the specific resources they are authorized to use. It utilizes a lightweight connector architecture that functions behind existing firewalls, eliminating complex port forwarding or NAT configurations. This approach significantly reduces the attack surface for DevOps and IT teams, providing a scalable, audit-ready alternative for managing distributed access in hybrid cloud environments.

Pangolin 's Core features

Identity-Aware Proxying

Pangolin integrates directly with your existing SSO provider to verify user identity before establishing any connection. By moving the access control layer from the network level to the application level, it prevents lateral movement within the network. Every request is authenticated and authorized, ensuring that even if a device is compromised, the attacker cannot scan or access unauthorized internal services.

Firewall-Friendly Connectors

The Pangolin connector is designed to be deployed behind any existing firewall without requiring inbound port openings. It initiates an outbound-only connection to the Pangolin controller, effectively bypassing NAT and complex firewall rules. This allows for rapid deployment in restricted environments, reducing the time-to-value from weeks of network configuration to mere minutes of installation.

Centralized Access Management

Manage all access policies from a single, unified dashboard rather than configuring ACLs on individual nodes. This centralized control allows IT administrators to revoke access instantly across the entire organization, audit connection logs in real-time, and enforce compliance standards without needing to touch individual server configurations or manage complex mesh VPN routing tables.

Granular Resource Scoping

Unlike traditional VPNs that provide full network access, Pangolin restricts connectivity to specific IP:Port combinations or domain names. This 'least privilege' model ensures that a developer working on a staging database cannot accidentally or maliciously access production infrastructure, significantly reducing the blast radius of potential security incidents.

Cross-Platform Client Support

Pangolin offers native clients for all major operating systems, including macOS, Windows, Linux, iOS, and Android. This ensures a consistent, high-performance experience for remote employees regardless of their hardware. The clients handle the encrypted tunnel establishment automatically, providing a seamless 'always-on' experience that is transparent to the end-user while maintaining strict security compliance.

How to use Pangolin

Create an account on the Pangolin dashboard and define your organization's identity provider (e.g., Okta, Google Workspace).,2. Deploy the Pangolin connector within your private network or VPC using the provided Docker image or binary.,3. Define access policies in the dashboard by mapping specific user groups to internal application endpoints.,4. Install the Pangolin client on end-user devices (macOS, Windows, Linux, iOS, or Android).,5. Authenticate via your SSO provider to establish an encrypted, identity-verified tunnel to authorized applications only.

Use cases of Pangolin

Secure Remote Development

Engineering teams use Pangolin to provide developers with secure access to internal staging environments and databases without exposing them to the public internet. This allows developers to work from anywhere while maintaining strict production-grade security controls.

Third-Party Vendor Access

IT managers grant temporary, time-bound access to external contractors for specific internal tools. By using identity-based policies, they ensure contractors can only reach the necessary applications, with full audit logs generated for compliance reporting.

Hybrid Cloud Connectivity

Organizations managing resources across multiple cloud providers and on-premise data centers use Pangolin to create a unified, secure access layer. It eliminates the need for complex site-to-site VPNs, simplifying connectivity for distributed infrastructure.

Who benefits from Pangolin

DevOps Engineers

They need to manage secure access to infrastructure without the operational overhead of maintaining traditional VPNs or complex firewall rules. Pangolin simplifies their workflow by automating access provisioning.

IT Security Managers

They require a robust, audit-ready solution to enforce Zero Trust principles. Pangolin provides the visibility and granular control needed to meet compliance requirements for remote access.

Remote-First Organizations

Companies with distributed workforces need a secure, reliable way to connect employees to internal resources. Pangolin ensures high performance and security without the latency issues common in legacy VPNs.

Pangolin