---
title: "Pangolin vs. Reverse Proxy"
description: "Learn how Pangolin's distributed architecture eliminates single points of failure and provides authenticated access to your applications"
---
Pangolin builds upon traditional reverse proxy principles but adds distributed architecture, tunneling, and identity-aware access control. While traditional reverse proxies are typically single-server solutions, Pangolin operates as a distributed network of nodes that provides highly available access to your applications.
## Traditional Reverse Proxy Limitations
- If the reverse proxy server goes down, all applications become inaccessible.
- Users far from the server location experience higher latency.
- Requires public IP addresses and open ports on your network.
- Typically relies on network-based trust rather than user identity.
## Pangolin's Dual-Layer High Availability
Pangolin provides high availability at two critical layers: ingress points and backend routing.
### How It Works
1. The request is routed to the closest available node. If one node goes down, there is always another available.
2. User identity is verified at the node before the request is routed to your backend.
3. Pangolin selects the optimal tunnel route to your backend service.
4. If the primary tunnel fails, traffic automatically switches to an alternative route.
5. The response follows the same resilient path back to the user.

This dual-layer approach ensures your applications remain accessible even if individual nodes or tunnel connections fail.
## Key Differences
### Tunneling vs. Direct Network Access
| Traditional Reverse Proxy | Pangolin |
|--------------------------|----------|
| **Public IP Required** | **No Public IP Needed** |
| **Open Ports (80, 443)** | **No Open Ports** |
| **Complex Network Setup** | **Automatic Discovery** |
| **Network-Based Security** | **Encrypted WireGuard Tunnels** |

This tunneling capability makes Pangolin ideal for environments behind restrictive firewalls, CGNAT, or corporate networks.
### Identity-Aware Proxy (IAP)
Traditional reverse proxies rely on network-based trust, while Pangolin implements zero-trust access control:
- Support for 2FA, passkeys, and OTP.
- Integration with Google, Okta, and other identity providers.
- Role-based access control and path-based rules.
- IP-based, path-based, and geographic access policies.

Unlike traditional reverse proxies, Pangolin authenticates every single request, ensuring that only authorized users can access your applications.
## Benefits Summary
| Feature | Traditional Reverse Proxy | Pangolin |
|---------|--------------------------|----------|
| **Availability** | Single point of failure | Distributed, fault-tolerant |
| **Performance** | Limited by server location | Regionally optimized routing |
| **Security** | Network-based trust | Zero-trust, identity-aware |
| **Network Requirements** | Public IP, open ports | No public IP needed |
| **Authentication** | Basic or none | Advanced, multi-factor |
| **Scalability** | Manual scaling | Automatic regional distribution |

Get distributed, authenticated access to your applications with Pangolin's regional network of nodes.