Zscaler

Zscaler Internet Access

Dashboard and Browsers

Changes (see Change Browser)

Rule Viewer (see Rule Viewer)

Cleanup (Summary of the number of rules that are disabled or have not been hit in the past year)

Topology

GRE (Generic Routing Encapsulation) Tunnel

IPsec Tunnel

Notes for Zscaler

  • To get rule and object usage collection and analysis you must configure Zscaler to allow TOS to analyze syslog information. After configuration, the Last Hit field will be populated in the Rule Viewer. From Rule Viewer, search timeLastHit to identify unused rules, You can also search object.timeLastHit and object.notHit to identify unused objects within rules. For details, see TQL queries in the Rule Viewer.

  • The last hit for FQDN objects will only appear when the DNS in the TOS cluster is used. Furthermore, due to the dynamic nature of FQDN objects, last hit on FQDN cannot be guaranteed to be 100% reliable.

  • Schedule and run reports to identify unused rules and objects using the Rule Analytics report in SecureTrack Reporting Essentials. The data is not supported in the Rule and Objects Usage report.

  • TOS supports Zscaler advanced firewall visiblity and path analysis including NGFW objects:

    • FQDN objects: Resolved by TOS DNS.

    • Application IDs: When the application is specified and the service field is ANY, TOS treats the service as application-default (only the default ports of the application can pass through the rule).

    • Custom URL categories