When connecting to app or file sharing servers, the Server Agents are preferable as they don't expose the entire network and the connection is done over the Privatise virtual network.

However, in certain circumstances your company should use Site-to-Site for a ROC to a hardware firewall on site:

1. If you need to access printers.

2. If you need to connect to an RDP server. Server agents support direct RDP but cannot be put on RDP servers.

3. Some companies might prefer to use Site to Site when joining a Domain Controller instead of putting a Server Agent on it.

4. If you want to connect to AWS, Azure, or Google infrastructure.

If you have a hardware firewall that's not listed under Site-to-Site, please reach out to support and they will help you get started.

Here is the architecture of how Site to Site connects your users connected to a ROC to your office or cloud infrastructure.

Note that as of now you need to use the same Preshared Key across all tunnels that are on the same ROC.