Hello, I have two questions please 1. For Road Warrior with custom port you said, PSE will check if SSL inspection enabled for location or not, then accordingly action will be taken. But I didn't understand how road warrior with a custom port will be linked with location? I found half answer of this well. We link custom port with location. So do we need multiple custom ports to link with multiple different location, e.g. one customer port for each? 2. In beginning you mentioned it enables user based logging and policies, so why we can't apply policy on user based instead of enabling it just on location? SSL inspection also mentions that for road warrior with PAC files, without dedicated port SSL global block policy, URL filtering and Cloud App policy will not apply. Why it is so, if users can be authenticated with credentials ?
1. You can associate a DPP to a location, only known location without IP address. If remote users use that DPP port for forward traffic to Zscaler PSE, the organization Will be identified by PSE, location based policies will applicable and do SSL inspection as well. SSL bypasses also applicable for the remote users.
2. You have an option to choose SSL inspection for devices based on operating system/ platform like windows, Mac, iOS and Android. So if you enable SSL inspection for Windows, all users who are using Windows OS will be SSL inspected by Zscaler
User authentication will not happen if PSE can't inspect the traffic from remote location. So your first traffic should http in case of PAC file without DPP. The location is just a named reference with DPP. Same DPP can use for all users in a corporate connecting from remote location. Zscaler can inspect the SSL only if the traffic is from known location, ZCC or DPP are your forwarding mechanism.
Apart from malware contents what about user privacy . Zscaler is able to inspect all ssl communications and extract user data like his credentials and other sensitive information . This is exactly man in middle attack.
Thanks for the good explanation
Hello, I have two questions please
1. For Road Warrior with custom port you said, PSE will check if SSL inspection enabled for location or not, then accordingly action will be taken. But I didn't understand how road warrior with a custom port will be linked with location? I found half answer of this well. We link custom port with location. So do we need multiple custom ports to link with multiple different location, e.g. one customer port for each?
2. In beginning you mentioned it enables user based logging and policies, so why we can't apply policy on user based instead of enabling it just on location? SSL inspection also mentions that for road warrior with PAC files, without dedicated port SSL global block policy, URL filtering and Cloud App policy will not apply. Why it is so, if users can be authenticated with credentials ?
1. You can associate a DPP to a location, only known location without IP address. If remote users use that DPP port for forward traffic to Zscaler PSE, the organization Will be identified by PSE, location based policies will applicable and do SSL inspection as well. SSL bypasses also applicable for the remote users.
2. You have an option to choose SSL inspection for devices based on operating system/ platform like windows, Mac, iOS and Android. So if you enable SSL inspection for Windows, all users who are using Windows OS will be SSL inspected by Zscaler
Appreciate your quick replies. I had changed question 2 as I found its answer
Will it be possible to provide input on 2nd question also
User authentication will not happen if PSE can't inspect the traffic from remote location. So your first traffic should http in case of PAC file without DPP. The location is just a named reference with DPP. Same DPP can use for all users in a corporate connecting from remote location. Zscaler can inspect the SSL only if the traffic is from known location, ZCC or DPP are your forwarding mechanism.
I need Zia full course can any one help
Apart from malware contents what about user privacy . Zscaler is able to inspect all ssl communications and extract user data like his credentials and other sensitive information . This is exactly man in middle attack.
Zscaler won't save inspected data in storage, it's keep in memory for policy validation and then Wipeout.
need to contact you
Hi , pls contact on info.itzecurity@gmail.com or wa.me/qr/XJUPLLN4HHWKF1