Each of these sites is on Velocloud SDWAN. Our contract was a global one, mandated by corporate.
Zscaler is being used for content filtering on out Internet. Nothing halfway ..Anyone know how to disable/delete it?
Each customer gets their own set of virtual firewalls (which means individual IPs), and the IPs currently in use can get queried via a script for automating an ACL somewhere.Sorry, unrelated to your post, but fuck me sideways, marketing really like to jerk themselves off.Instead of Zscaler tunnelling you can look at their vZen or pZen product. Instead of network layer tunnels used in legacy remote access methods, the Zscaler Private Access solution provides authorized users access to specific applications via encrypted, per-session Microtunnels that are … Downside is you lose visibility to the logs for that traffic via zscaler.Some other solutions that the Zscaler team can provide visibility to or walk you through.Fee free to ping me direct or on LinkedIn and I can connect you with someone who can help with your specific environment.
These customers have extreme security requirements, including all public IP addresses of clients need to be permitted in their firewall. They never let you know if they are having issues so you spend a ton of time chasing ghost. Etc?SourceIP locked apps is fairly common across the enterprise space and almost every zscaler customer has implemented an approach to these. Since the destination is a “trusted” destination it would be similar to an internal app and you likely wouldn’t need to apply policy to it.
It's still on the roadmap though and not sure when (or if) it would be delivered.That's interesting, I suggested this as an idea to zscaler many months ago. Though I will fully admit some of the complexity on my end comes from having Verizon involved. You can simple use your companies public IP range behind it so your clients will be visible on that.Talk to your account team/partner - We were told that Zscaler was planning to solve this by giving an option to buy a dedicated IP that no one else will use.
Each of these sites has an IPSec tunnel to Zscaler.
It would help us out significantly if they can make it happen.We use a centralized firewall and .pac files for our users for this exact purpose. Zscaler has a big pool of IPs that it uses for all clients. We do hear some complaints from employees from time to time but security is a pain so it's normal. no bittorrent). They implemented Zscaler across a large group of users in a 10k+ employee company.
They include many of the items aboveWork with 3rd party to remove SourceIP restrictions since it is not a valid way of doing security etc.Leverage a PZEN or VZEN at one or multiple locations you own and route that specific traffic through those.Use a PBR or similar to bypass zscaler for those apps.
Zscaler I think, by itself is an OK product. Like it? Traffic is SSH, FTP and HTTP. Current situation: We have a few data centers and 40 offices. Here is a simple snippet from the PAC file:function FindProxyForURL(url, host) {We built out our own cloud security service in AWS.
Websites open, but most content is gone.
I have no admin abilities over it but I have noticed in the last 4 months that if any kind of update is applied to the zscaler proxy, we will have a couple days worth of tickets from users who cant get logged in due to zscaler popup.Not really sure why or how this happens but its a pain in the ass to deal with from a service desk point of view.Wasn't too bad, but felt clunky and when there are issues, it's a pain..
With the growth of Zscaler many organizations have been trying to review if this solution is a good fit. Sold by: Zscaler ZPA is a new way to provide secure remote access.
It is horrible. We had many issue with them, multi day outages, language barriers when we did need to call in. Pricey?Run fast, run far. Sounds about the same experience a client had. Bill Lapp, zscaler
When you’ve built out these “network hubs” in the cloud you could consider them for end user vpn termination, fast connectivity for your business partners / acquisitions, etc.
They use the SaaS offering of our product line, so it's hosted out of our datacenter.