[onorua]

I don't work for twingate, but I know several guys who do. From the chat with them, I understood it installs transparent proxy to your client, and forwards all the traffic to specific destinations through access nodes over the TLS tunnel. In case specific route is not "white-listed" - it asks for authentication/authorization. Basically instead of having one point of authentication e.g. VPN gateway, you may have several specific for resource, you don't need to play with routes and have a good internet connection while connecting to the services you care through secure connection.

[iojin_z_bajin]

Note that only "white-listed" [1] traffic is going through Twingate network. Regular user traffic (public resources) is proxied to the respective data sources directly from client devices.

[1] "white-listed" resources are basically protected (restricted) resources that are accessible to a specific Twingate user. Different resources may require different authentication methods (e.g. basic SSO vs. MFA).