network_stuff:zscaler

Differences

This shows you the differences between two versions of the page.

network_stuff:zscaler [2024/01/15 17:17] jotasandoku
network_stuff:zscaler [2024/09/02 09:00] (current) jotasandoku
Line 1: Line 1:
-Allows the same kind of segmentation we can get in an EC2 instance (security groups, acl and so on) but in end user stations+Allows the same kind of segmentation we can get in an EC2 instance (security groups, ACL and so on) but in end user stations.\\ 
 +Zscaler has their own cloud. they offer there: authentication, firewall (inspection) and metrics
  
-== Agents == +==== Agents ==== 
-  * Requires zscaler agent running on the computers ''client connector''+  * Requires Zscaler agent running on the computers ''client connector''
   * ''app connectors'' (for applications) [[https://help.zscaler.com/zpa/about-connectors|External_Link]]   * ''app connectors'' (for applications) [[https://help.zscaler.com/zpa/about-connectors|External_Link]]
  
-== Cloud == +==== Cloud ==== 
-  * zscaler has their own cloud. they offer there: authentication, firewall (inspection) and metrics +=== Zscaler Internet Access (ZIA) service === 
-    * Zscaler Internet Access (ZIA) service. [[https://youtu.be/TVBbnxpo7V0?|External Link]] +    * When connection from 'on-site', ZIA uses **GRE tunnel/s** to get to he zscaler location 
-      * Limitations[[https://help.zscaler.com/zia/ranges-limitations|Limitations]]:+      * The tunnel 'bundles' all on-site users inside the same tunnel. That optimizes the routing to the zscaler cloud. 
 +    * That tunnel is limited to 1G and to 1k users. More users require more locations with more tunnels
 +      * [[https://help.zscaler.com/zia/ranges-limitations|Limitations]]:
         * (1G/250Mb per GRE tunnel (outbound)). If more throughput, we need more tunnels (and more public IPs). [[https://help.zscaler.com/zia/understanding-generic-routing-encapsulation-gre|Link]]         * (1G/250Mb per GRE tunnel (outbound)). If more throughput, we need more tunnels (and more public IPs). [[https://help.zscaler.com/zia/understanding-generic-routing-encapsulation-gre|Link]]
         *          * 
-    * Zscaler Private Access (ZPA) enabled. To access your organization's internal resources from any location. [[https://youtu.be/kvbKr7MVBlk|External Link]]+=== Zscaler Private Access (ZPA) ===  
 +  * To access your organization's internal resources from any location. [[https://youtu.be/kvbKr7MVBlk|External Link]] 
 +  * ZPA uses **TLS tunnels** to meet-in-the middle: remote user >>>> ZS BROKER <<<< connectors(target infra) 
 +  * Makes use of the ''connectors'' 
 +    * In admin.private.zscaler.com > Config & control > Private infrastructure > App Connectors 
  
  
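Review bot: The GRE limits in the ZIA section disagree: the added line says "That tunnel is limited to 1G and to 1k users", while the retained line under it says "(1G/250Mb per GRE tunnel (outbound))". State which figure applies in which case, or keep one statement and rely on the linked Limitations page. In the same added lines, "to he zscaler location" should read "to the Zscaler location" and "When connection from" should read "When connecting from"; "zscaler" and the sentence-initial "they" are still lowercase although this revision capitalizes the name elsewhere. The ZIA video link from the old revision is dropped while the ZPA one is kept, so restore it if the removal was not intended. The ZIA bullets start at four spaces directly under the new heading with no parent item, and the empty "*" item is carried over unchanged.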
Line 17: Line 25:
 === Topics === === Topics ===
 == PAC files == == PAC files ==
-[[https://help.zscaler.com/zia/understanding-pac-file]]+[[https://help.zscaler.com/zia/understanding-pac-file]] \\ 
 +Example of use: "create a wildcard that redirects all traffic of *.data.cloud.mycompany.mygroup.com (an example) towards the **internal DNS** from the perspective of PAC file?
  
  
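Review bot: The added "Example of use" line opens a double quote that is never closed and ends in a question mark, so it reads as an open question rather than an example. A PAC file only returns a proxy or DIRECT for a given URL or host, so "redirects all traffic ... towards the internal DNS" should say what the rule returns for *.data.cloud.mycompany.mygroup.com; if that is DIRECT, add that the PAC rule then no longer sends those hosts to the ZIA proxy. With the headings raised in the first hunk, "=== Topics ===" now sits one level below "==== Cloud ====" and reads as a Cloud subsection; raise it to "====" if it is meant as a peer of Agents and Cloud.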
network_stuff/zscaler.1705339055.txt.gz · Last modified: by jotasandoku