network_stuff:zscaler


Zscaler allows the same kind of segmentation we get on an EC2 instance (security groups, ACLs and so on), but on end-user stations.
Zscaler has its own cloud, where it offers authentication, firewall (inspection) and metrics.

Agents

  • Requires the Zscaler agent (Client Connector) running on the computers
  • App Connectors (for applications)

Cloud

Zscaler Internet Access (ZIA) service

  • ZIA uses one or more GRE tunnels to the Zscaler location to 'bundle' all users inside the same tunnel. That optimizes the routing to the Zscaler cloud.
  • That tunnel is limited to 1G and to 1k users. More users require more locations with more tunnels.
      • (1G/250Mb per GRE tunnel (outbound)). If more throughput is needed, we need more tunnels (and more public IPs).

Zscaler Private Access (ZPA)

  • Gives access to your organization's internal resources from any location.
  • Makes use of the connectors
  • TLS tunnels: remote user »» ZS broker «« connectors (target infra)

Topics

PAC files

https://help.zscaler.com/zia/understanding-pac-file
Example of use: “create a wildcard that redirects all traffic of *.data.cloud.mycompany.mygroup.com (an example) towards the internal DNS from the perspective of the PAC file?”
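One way to express that wildcard in a PAC file, as an added example that is not from the original page or from Zscaler: hosts under the example domain return DIRECT so the client resolves and connects to them itself, on the assumption that its resolver is the internal DNS. The proxy address is a placeholder, and the `dnsDomainIs` shim exists only so the file can be tested outside a browser.

```javascript
// Added example. The domain is the page's own example; the proxy address
// below is a placeholder, not a real Zscaler gateway.
var INTERNAL_SUFFIX = ".data.cloud.mycompany.mygroup.com";
var ZIA_PROXY = "PROXY zia-gateway.example.invalid:80"; // placeholder

// Browsers provide dnsDomainIs() to PAC scripts. This shim mirrors the
// usual plain string-suffix behaviour so the file also runs under Node.
if (typeof dnsDomainIs === "undefined") {
  globalThis.dnsDomainIs = function (host, domain) {
    return host.length >= domain.length &&
      host.substring(host.length - domain.length) === domain;
  };
}

function FindProxyForURL(url, host) {
  // Normalise: the host may arrive in mixed case or with a trailing dot.
  var h = host.toLowerCase().replace(/\.$/, "");

  // Wildcard rule: any name under the internal zone bypasses the proxy,
  // so the client resolves it with its own (assumed internal) DNS.
  // Match on the host, never on the url: a query string can contain the
  // internal domain and would otherwise skip inspection.
  // The leading dot in INTERNAL_SUFFIX matters because dnsDomainIs is a
  // plain suffix match: without it, "evildata.cloud.mycompany.mygroup.com"
  // would also be sent DIRECT.
  if (dnsDomainIs(h, INTERNAL_SUFFIX)) {
    return "DIRECT";
  }

  // Everything else goes to the cloud proxy for inspection.
  return ZIA_PROXY;
}
```

The bare name data.cloud.mycompany.mygroup.com is not covered by the wildcard and still goes through the proxy; add an exact-match test on the host if it should also be DIRECT.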

network_stuff/zscaler.1725217039.txt.gz · Last modified: by jotasandoku