Can ZTNA replace a traditional VPN?

I posted this same question on reddit, but I’ll post again here for this community…

Can Cloudflare ZTNA replace a traditional VPN? I’m asking about Windows remote end-users accessing on-prem Windows resources, such as Active Directory (for authentication and GPOs), SMB to file shares via DFS, obtaining licenses from license servers, intranet website access, etc.

Typically users work from home a few days a week; they take their laptop home, and their mapped drives are already set up (but disconnected). I would like them to be able to flick on the ZTNA client and voila - magic, their mapped drives are working, their computer can apply GPOs, they can launch their apps and grab a license, etc.

For simple things like license servers and intranet, the setup seems straightforward. I have a test environment set up, with Cloudflare “Applications”, “DNS Policies” and “Network Policies” all configured to allow access to a resource like intranet, which has a static IP.

However, for Active Directory and DFS, which don’t resolve to a single IP, how can I configure resolving these to on-prem resources at the end of the tunnel? See the reddit post for more info.

PS: If “Dom5” is reading this, I have read your posts on this forum and echo all your comments and frustrations. Please reach out if you ever got a working setup.

Many thanks in advance.