Monitoring Zscaler Internet Access (ZIA) Devices

Overview

TOS Aurora monitors the Zscaler Internet Access (ZIA) platform for policy revision changes.

To see which TOS Aurora features are supported for your device, review the SecureTrack Features by Vendor.

Add a Device

  1. Select Zscaler > ZIA Cloud Firewall.

  2. Configure the device settings:

    • Device Type: Zscaler ZIA Cloud Firewall (filled automatically)

    • Name for Display

    • ST server: Select Central or RC (Remote Collector)

    • Usage Analysis: Select the relevant options:

      • Collect traffic logs for rule usage analysis

      • Collect traffic logs for object usage analysis

      Note: Enabling Usage Analysis for unused rules and objects requires configuration in Zscaler. See Configuring Zscaler to Send Log Data to TOS.

    • Enable Topology: Collects routing information for building the network Map.

  3. Click Next.

  4. Enter the following connection information:

  5. Click Next.

  6. Enter the Syslog Authentication information:

    • Log ID: Unique ID (for example, TOS-Aurora) that matches the value in the Feed Output Format of the NSS Feed. This match ensures that TOS Aurora recognizes the syslog and associates it with the relevant Zscaler device for analysis.

    • Protocol: Select TCP or UDP to determine the port that will be used to transfer syslog information.

      • TCP: Use this value if Zscaler sends syslogs directly.

      • UDP: Use this value if the syslogs are forwarded to TOS Aurora by an external source, such as a SIEM server.

    • In Monitoring Settings, do one of the following:

      Select Custom and configure the monitoring mode and settings.

      • Periodic Polling: Select Custom settings and configure the Polling frequency, which sets how often TOS Aurora fetches the configuration from each device.

        If you select 1 day, you can then select the exact time (hour and minute) for the daily polling.

    • Because of the Zscaler API rate limitations, Tufin recommends that you set the monitoring cycle to once an hour.

  7. Click Next.

  8. Click Save.

    The Zscaler ZIA Cloud Firewall device now appears in the Monitored Devices tree.

Configure a Monitored Device

After you add a device, further configuration options are available.

Options vary depending on your environment.

  • Edit configuration: Use the wizard to modify selected device settings. See Add a Device in this topic.

  • Delete this device: Type yes to confirm that you want to delete the device.

  • Migrate (ST servers): Available in distributed deployments. Select the server where the device will be monitored and click Migrate.

  • Migrate (Domains): Available in multi-domain deployments. Select the domain where the device will be monitored and click Migrate.

How Do I Get Here?

SecureTrack > Monitoring > Manage Devices