dokucama

User Tools

Site Tools

Trace: tcpdump haproxy
network_stuff:zscaler

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
network_stuff:zscaler [2023/11/20 18:57] – created jotasandokunetwork_stuff:zscaler [2024/09/02 09:00] (current) jotasandoku
Line 1: Line 1:
-Allows the same kind of segmentation we can get in an EC2 instance (security groups, acl and so on) but in end user stations+Allows the same kind of segmentation we can get in an EC2 instance (security groups, ACL and so on) but in end user stations.\\ 
 +Zscaler has their own cloud. they offer there: authentication, firewall (inspection) and metrics
  
-== Agents == +==== Agents ==== 
-  * Requires zscaler agent running on the computers ''client connector''+  * Requires Zscaler agent running on the computers ''client connector''
   * ''app connectors'' (for applications) [[https://help.zscaler.com/zpa/about-connectors|External_Link]]   * ''app connectors'' (for applications) [[https://help.zscaler.com/zpa/about-connectors|External_Link]]
  
-== Cloud == +==== Cloud ==== 
-  * zscaler has their own cloud. they offer there: authentication, firewall (inspection) and metrics +=== Zscaler Internet Access (ZIA) service === 
-    * Zscaler Internet Access (ZIAservice +    When connection from 'on-site', ZIA uses **GRE tunnel/s** to get to he zscaler location 
-    * Zscaler Private Access (ZPA) enabled. To access your organization's internal resources from any location+      * The tunnel 'bundles' all on-site users inside the same tunnel. That optimizes the routing to the zscaler cloud. 
 +    * That tunnel is limited to 1G and to 1k users. More users require more locations with more tunnels. 
 +      * [[https://help.zscaler.com/zia/ranges-limitations|Limitations]]: 
 +        * (1G/250Mb per GRE tunnel (outbound)). If more throughput, we need more tunnels (and more public IPs). [[https://help.zscaler.com/zia/understanding-generic-routing-encapsulation-gre|Link]] 
 +         
 +=== Zscaler Private Access (ZPA) ===  
 +  * To access your organization's internal resources from any location. [[https://youtu.be/kvbKr7MVBlk|External Link]] 
 +  * ZPA uses **TLS tunnels** to meet-in-the middle: remote user >>>> ZS BROKER <<<< connectors(target infra) 
 +  * Makes use of the ''connectors'' 
 +    * In admin.private.zscaler.com > Config & control > Private infrastructure > App Connectors 
 + 
 + 
 + 
 +---- 
 +=== Topics === 
 +== PAC files == 
 +[[https://help.zscaler.com/zia/understanding-pac-file]] \\ 
 +Example of use: "create a wildcard that redirects all traffic of *.data.cloud.mycompany.mygroup.com (an example) towards the **internal DNS** from the perspective of PAC file? 
  
network_stuff/zscaler.1700506637.txt.gz · Last modified: by jotasandoku

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki