Solved

Zscaler

Posted on 2014-01-13
12
1,760 Views
Last Modified: 2014-01-28
Hi;
I am new to world of cloud security.. can someone please shine some light on how security is rendered to enterprise w/ zscaler?

Thanks;
0
Comment
Question by:totaram
  • 6
  • 6
12 Comments
 
LVL 1

Expert Comment

by:jawafa
ID: 39778173
zscaler works as a proxy. This means that your computer sends all Internet traffic to/from the Zscaler systems. So, when you type a url in your browser (ex: www.google.com) That request is sent from your computer to the Zscaler systems. They then connect to the servers, send the request, and receive the response. The Zscaler systems then inspect the response to ensure it is safe and meets corporate policies before sending it to your computer.

Zscaler does this on an enterprise level by acting as a proxy for all computers in the environment. This can include gateway devices like a firewall, router, etc as well.
0
 

Author Comment

by:totaram
ID: 39779786
Thanks Jawafa;
What I do not understand is role of GRE tunnels, can you please explain that piece?
0
 
LVL 1

Assisted Solution

by:jawafa
jawafa earned 200 total points
ID: 39779862
GRE stands for Generic Tunnel Encapsulation. In short an encapsulation protocol takes existing network packets, encapsulates it into another network packet and then sends it to a new destination. This new destination receives the encapsulated packet, unpackages it to the original packet, and then processes the original packet on.

In this case, GRE takes the original network traffic and encapsulates it into another packet then sends this new packet to Zscaler Cloud. This is done at the firewall so that no reconfiguration of any single machine needs to be done. Once this encapsulated packet is received Zscaler unencapsulates the packet and then processes the original packet through their Zscaler Cloud systems. Once the response is received from the Internet then Zscaler Cloud will then encapsulate the traffic using GRE and then send it back to your firewall which will unencapsulate the traffic and process the response appropriately.

The plus of using a GRE tunnel is that all traffic from the enterprise environment will be directed to the Zscaler Cloud service. The downside is that anyone outside the corporate environment, think mobile users, will not be using Zscaler.
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:totaram
ID: 39779926
If mobile/smartphone users do not go through GRE tunnel, does it mean that the mobile security is less stringent than the enterprise zscaler security?
0
 
LVL 1

Assisted Solution

by:jawafa
jawafa earned 200 total points
ID: 39780022
The only network connections that are going to go through a GRE Tunnel are those that are connected to the corporate network. So, if a mobile device, phone or tablet, is using the corporate network, via wireless for example, then it will us the GRE Tunnel and be secured. However, it the mobile device uses a cellular connection (ex: 3G, 4G, etc) then it will not go through the GRE Tunnel to Zscaler.

This means that any mobile device that is not using the corporate network for communication to the internet will not benefit from Zscaler services.
0
 

Author Comment

by:totaram
ID: 39780059
Ok.. so for GRE tunnels we need to use the enterprise resources.. but can laptops, iPhones and other smartphones be configured to use Zscaler as a proxy, if we do not connect it using as VPN?
0
 
LVL 1

Expert Comment

by:jawafa
ID: 39780122
I know Zscaler offers the service, but I do not about your relationship with them. That would be a question for Zscaler.
0
 

Author Comment

by:totaram
ID: 39780970
Thanks Jwata; now that we are @ this topic, can you please let me know what is bluecoat filter... I see it quite a bit in ref to zscaler...
0
 
LVL 1

Expert Comment

by:jawafa
ID: 39782516
Bluecoat is an appliance based proxy that one can install into their network. This appliance then proxies all appropriate network traffic (ex: http, ftp, http/s, etc) to filter and scan the traffic. These appliances traditionally use a rule set of good and/or bad urls to block or allow traffic. Since the dynamic nature of the Internet enables malicious individuals to change their location rapidly these static filters are not able to keep up.

Bluecoat has an Internet based filter system that is designed to try and keep pace with these rapidly moving malicious individuals. This filter systems gathers information from a number of sources and continually updates the rulesets on ones local appliance.

My guess is that Zscaler references Bluecoats capabilities here because of Bluecoat is one of the recognized leaders in the proxy server space and has a large percentage of the market share.
0
 

Author Comment

by:totaram
ID: 39785710
I thought that description that is used above is for web browser proxy configuration using PAC files... is bluecoat filtering same as browser proxy confguration?
0
 
LVL 1

Accepted Solution

by:
jawafa earned 200 total points
ID: 39785967
At its most basic definition Bluecoat filter refers to the URL filtering rulesets that are active on the appliance.
0
 

Author Comment

by:totaram
ID: 39816331
Hi Jawafa;
Is there any authentication that users have to go thro' before using Zscaler features. My initial feeling tells me there should not be pne, but on second thought how does one Dept know that they have BW priority over other Dept???
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Macbook Sierra OS OpenVPN issue 13 114
stackato and cloud 4 96
DNS and NSLOOKUP 21 79
Amazon backup  - keep forever 1 36
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Moving applications to the cloud or switching services to cloud-based ones, is a stressful job.  Here's how you can make it easier.
This Micro Tutorial will explain how to export DynamoDB tables in Amazon Web Services.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question