Pangolin builds upon traditional reverse proxy principles but adds distributed architecture, tunneling, and identity-aware access control. While traditional reverse proxies are typically single-server solutions, Pangolin operates as a distributed network of nodes that provide highly-available access to your applications.

Traditional Reverse Proxy Limitations

Single Point of Failure

If the reverse proxy server goes down, all applications become inaccessible.

Geographic Limitations

Users far from the server location experience higher latency.

Network Dependencies

Requires public IP addresses and open ports on your network.

Basic Authentication

Typically relies on network-based trust rather than user identity.

Pangolin’s Dual-Layer High Availability

Pangolin provides high availability at two critical layers: ingress points and backend routing.

How It Works

1

Ingress Routing

Request is routed to the closest available node. If one goes down, there is always another point available.
2

Authentication

User identity is verified at the node before getting routed to your backend.
3

Tunnel Selection

Pangolin selects the optimal tunnel route to your backend service.
4

Failover Handling

If the primary tunnel fails, traffic automatically switches to an alternative route.
5

Response Delivery

Response follows the same resilient path back to the user.
This dual-layer approach ensures your applications remain accessible even if individual nodes or tunnel connections fail.

Key Differences

Tunneling vs. Direct Network Access

Traditional Reverse ProxyPangolin
Public IP RequiredNo Public IP Needed
Open Ports (80, 443)No Open Ports
Complex Network SetupAutomatic Discovery
Network-Based SecurityEncrypted WireGuard Tunnels
This tunneling capability makes Pangolin ideal for environments behind restrictive firewalls, CGNAT, or corporate networks.

Identity-Aware Proxy (IAP)

Traditional reverse proxies rely on network-based trust, while Pangolin implements zero-trust access control:

Multi-Factor Authentication

Support for 2FA, passkeys, and OTP.

Single Sign-On

Integration with Google, Okta, and other identity providers.

Granular Permissions

Role-based access control and path-based rules.

Contextual Rules

IP-based, path-based, and geographic access policies.
Unlike traditional reverse proxies, Pangolin authenticates every single request, ensuring that only authorized users can access your applications.

Benefits Summary

FeatureTraditional Reverse ProxyPangolin
AvailabilitySingle point of failureDistributed, fault-tolerant
PerformanceLimited by server locationRegionally, optimized routing
SecurityNetwork-based trustZero-trust, identity-aware
Network RequirementsPublic IP, open portsNo public IP needed
AuthenticationBasic or noneAdvanced, multi-factor
ScalabilityManual scalingAutomatic regional distribution

Try Pangolin Cloud

Get distributed, authenticated access to your applications with Pangolin’s regional network of nodes.