DistributedNetworks


Internet Proxy Server

Need for a single Connection when providing Internet Access

For security reasons, most well-run organizations try to limit general Internet access to a single connection, even when the organization is distributed across multiple regions. Geographically disparate sites may be connected via dedicated links, or via VPN tunnels that have no access to connections other than VPN connections. Proxy Server can be configured in chains across various sites in a hierarchical configuration. In this way, you may place proxy servers on the far side of WAN (wide area network) links to improve Internet performance for users, and perhaps to improve local access controls.
To better monitor the activities of employees at work, network administrators need to use a single Internet connection as a means of preventing employees from accessing forbidden external resources. Likewise, bad actors on the outside who are performing port scans need to be prevented from penetrating the intranet or internal network of a corporation.
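The hierarchical chaining described above only preserves the single-connection policy if every downstream proxy ultimately forwards to the one egress proxy. The following Python function is an added example, not code from the original page: it audits a chain map for proxies that bypass the egress point, loop, or point at an undefined upstream. The site names, the `INTERNET` marker and `audit_proxy_chain` are hypothetical.

```python
# Added example: audit a hierarchical proxy chain for the single-egress policy.
INTERNET = "INTERNET"  # hypothetical marker meaning "direct Internet connection"

def audit_proxy_chain(upstreams, egress):
    """upstreams maps each proxy to its upstream proxy, or to INTERNET.

    Returns (paths, violations). paths maps each compliant proxy to the hop
    list it uses to reach the Internet; violations maps each non-compliant
    proxy to the reason it breaks the policy.
    """
    paths, violations = {}, {}
    for proxy in upstreams:
        hops, seen, node = [proxy], {proxy}, proxy
        while True:
            nxt = upstreams.get(node)
            if nxt is None:
                violations[proxy] = f"{node} has no upstream defined"
                break
            if nxt == INTERNET:
                if node == egress:
                    paths[proxy] = hops + [INTERNET]
                else:
                    violations[proxy] = f"{node} bypasses {egress} with its own Internet link"
                break
            if nxt in seen:
                violations[proxy] = f"routing loop at {nxt}"
                break
            hops.append(nxt)
            seen.add(nxt)
            node = nxt
    return paths, violations

# Constructed sample topology; all site names are hypothetical.
SAMPLE = {
    "hq-proxy": INTERNET,            # the single permitted Internet connection
    "region-east": "hq-proxy",
    "branch-boston": "region-east",  # far side of a WAN link, chained upward
    "branch-miami": INTERNET,        # local Internet line: policy violation
    "lab-a": "lab-b",
    "lab-b": "lab-a",                # misconfigured loop
    "branch-austin": "region-west",  # region-west is not defined anywhere
}

if __name__ == "__main__":
    ok, bad = audit_proxy_chain(SAMPLE, egress="hq-proxy")
    for hops in ok.values():
        print("OK  ", " -> ".join(hops))
    for proxy, why in bad.items():
        print("FAIL", proxy + ":", why)
```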

A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer or network-enabled device to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.
A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. Major implementations of VPNs include OpenVPN and IPsec.
A VPN connection across the Internet is similar to a wide area network (WAN) link between sites. From a user perspective, the extended network resources are accessed in the same way as resources available within the private network.
One major limitation of traditional VPNs is that they are point-to-point and do not tend to support or connect broadcast domains. Therefore, communication, software, and networking that are based on layer 2 and broadcast packets, such as NetBIOS used in Windows networking, may not be fully supported or work exactly as they would on a real LAN. Variants on VPN, such as Virtual Private LAN Service (VPLS) and layer 2 tunneling protocols, are designed to overcome this limitation.