How does Zscaler Tunnel work?
When a user connects to the web, Zscaler Client Connector establishes the Z-Tunnel to the closest ZIA Public Service Edge, and forwards the web traffic through the tunnel so that the ZIA Public Service Edge can apply the appropriate security and access policies.
Zscaler is a cloud-based information security platform delivered through more than 100 global data centres. To use Zscaler, Internet traffic from fixed locations such as branch offices or factories, roaming devices and mobile devices is routed through Zscaler points of presence before going on to the public Internet.
A machine tunnel allows a user's Windows device to establish a connection to a service before the user is logged in to Zscaler Client Connector.
- No.: The item number.
- Event Time: The date and time the event occurred.
- Logged Time: The date and time the event was logged.
- Tunnel Type: The type of networking tunnel. ...
- Log Type: The type of tunnel logs. ...
- Tunnel Source IP: The source IP address from which the tunnel is initiated.
- Step 1: Create a Group. In the ZIA Admin Portal, identify and create a small group of users for testing Z-Tunnel 2.0. ...
- Step 2: Create a Forwarding Profile Policy. ...
- Step 3: Create an App Profile Policy. ...
- Step 4: Assign Zscaler Client Connector 2.0.1 to the Group.
- Using Tunneling, PAC Files, Surrogate IP, and Zscaler Client Connector. ...
- Using Tunneling, PAC Files, and Surrogate IP. ...
- Using Tunneling and PAC Files. ...
- Using Tunneling and Surrogate IP. ...
- Using PAC Files to Forward Traffic to a Dedicated Proxy Port.
It combines software-defined wide-area networking (SD-WAN) with access control and security, all bundled as a cloud service. In effect, it offers a secure private internet that interconnects a company's users, data centers, cloud infrastructure, and SaaS and other third-party services.
The iOS platform allows multiple VPNs to run simultaneously, as long as each VPN is of a different type: personal, per-app, or enterprise. For example, Zscaler Client Connector runs as an enterprise VPN, so you can simultaneously run another personal or per-app VPN, but not another enterprise VPN.
ZPA is an easier to deploy, more cost-effective, and more secure alternative to VPNs. Unlike VPNs, which require users to connect to your network to access your enterprise applications, ZPA allows you to give users policy-based secure access only to the internal apps they need to get their work done.
- For Tunnel Driver Type: Select Packet Filter Based.
- For On Trusted Network, select Tunnel.
- For Tunnel Version Selection, select Z-Tunnel 2.0.
- For VPN Trusted Network and Off Trusted Network, select Same as "On Trusted Network".
What is VPN Tunnel forwarding?
What is VPN Tunneling? The term VPN tunneling describes a process whereby data is securely transported from one device or network to another through a non-secure environment (such as the internet) without compromising privacy. Tunneling involves protecting data by repackaging it into a different form.
- In the administration interface, go to Interfaces.
- Click Add > VPN Tunnel.
- Type a name for the new tunnel.
- Set the tunnel as active and type the hostname of the remote endpoint. ...
- Select Type: IPsec.
- Select Preshared key and type the key.

Zscaler services in the Sydney III Data Center will be expanding to use the new IP range 165.225.232.0/23 per the previous communication sent on July 01, 2020. The new IP range will be added to dynamic resolution any time on or after the launch date of February 1, 2021.
To check if the Zscaler service is placing an IP address on the denylist: Hover over the Help icon at the bottom of the left pane, then click Denylist IP Check to open the Denylist IP Check window.
- Review the supported IPSec VPN parameters.
- Add VPN credentials in the Admin Portal.
- Link the VPN credentials to a location.
- Configure your edge router or firewall to forward traffic to the Zscaler service. See the following configuration guides:
To add a port-based bypass, add the port to the network bypass in the Destination Exclusions field in the Zscaler Client Connector profile. You must add the port to the end of the network bypass. For example, to bypass port 80 for the subnet 192.168.1/24, add 80 to the end of the subnet.
On Trusted Network: When the user is connected to a trusted network, Zscaler Client Connector uses the Tunnel mode to forward user traffic to Zscaler. It also disables System Proxy settings so that users cannot change proxy settings to bypass Zscaler Client Connector for internet security.
Choose the Action that the Zscaler service takes when packets match the rule. Allow: Allow the packets to pass through the IPS. Block/Drop: Silently block packets that match the rule. Block/Reset: For TCP traffic, the Zscaler service drops all packets that match the rule and sends the client a TCP reset.