Solved

Zscaler

Posted on 2014-01-13
12
1,571 Views
Last Modified: 2014-01-28
Hi;
I am new to world of cloud security.. can someone please shine some light on how security is rendered to enterprise w/ zscaler?

Thanks;
0
Comment
Question by:totaram
  • 6
  • 6
12 Comments
 
LVL 1

Expert Comment

by:jawafa
ID: 39778173
zscaler works as a proxy. This means that your computer sends all Internet traffic to/from the Zscaler systems. So, when you type a url in your browser (ex: www.google.com) That request is sent from your computer to the Zscaler systems. They then connect to the servers, send the request, and receive the response. The Zscaler systems then inspect the response to ensure it is safe and meets corporate policies before sending it to your computer.

Zscaler does this on an enterprise level by acting as a proxy for all computers in the environment. This can include gateway devices like a firewall, router, etc as well.
0
 

Author Comment

by:totaram
ID: 39779786
Thanks Jawafa;
What I do not understand is role of GRE tunnels, can you please explain that piece?
0
 
LVL 1

Assisted Solution

by:jawafa
jawafa earned 200 total points
ID: 39779862
GRE stands for Generic Tunnel Encapsulation. In short an encapsulation protocol takes existing network packets, encapsulates it into another network packet and then sends it to a new destination. This new destination receives the encapsulated packet, unpackages it to the original packet, and then processes the original packet on.

In this case, GRE takes the original network traffic and encapsulates it into another packet then sends this new packet to Zscaler Cloud. This is done at the firewall so that no reconfiguration of any single machine needs to be done. Once this encapsulated packet is received Zscaler unencapsulates the packet and then processes the original packet through their Zscaler Cloud systems. Once the response is received from the Internet then Zscaler Cloud will then encapsulate the traffic using GRE and then send it back to your firewall which will unencapsulate the traffic and process the response appropriately.

The plus of using a GRE tunnel is that all traffic from the enterprise environment will be directed to the Zscaler Cloud service. The downside is that anyone outside the corporate environment, think mobile users, will not be using Zscaler.
0
 

Author Comment

by:totaram
ID: 39779926
If mobile/smartphone users do not go through GRE tunnel, does it mean that the mobile security is less stringent than the enterprise zscaler security?
0
 
LVL 1

Assisted Solution

by:jawafa
jawafa earned 200 total points
ID: 39780022
The only network connections that are going to go through a GRE Tunnel are those that are connected to the corporate network. So, if a mobile device, phone or tablet, is using the corporate network, via wireless for example, then it will us the GRE Tunnel and be secured. However, it the mobile device uses a cellular connection (ex: 3G, 4G, etc) then it will not go through the GRE Tunnel to Zscaler.

This means that any mobile device that is not using the corporate network for communication to the internet will not benefit from Zscaler services.
0
 

Author Comment

by:totaram
ID: 39780059
Ok.. so for GRE tunnels we need to use the enterprise resources.. but can laptops, iPhones and other smartphones be configured to use Zscaler as a proxy, if we do not connect it using as VPN?
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Expert Comment

by:jawafa
ID: 39780122
I know Zscaler offers the service, but I do not about your relationship with them. That would be a question for Zscaler.
0
 

Author Comment

by:totaram
ID: 39780970
Thanks Jwata; now that we are @ this topic, can you please let me know what is bluecoat filter... I see it quite a bit in ref to zscaler...
0
 
LVL 1

Expert Comment

by:jawafa
ID: 39782516
Bluecoat is an appliance based proxy that one can install into their network. This appliance then proxies all appropriate network traffic (ex: http, ftp, http/s, etc) to filter and scan the traffic. These appliances traditionally use a rule set of good and/or bad urls to block or allow traffic. Since the dynamic nature of the Internet enables malicious individuals to change their location rapidly these static filters are not able to keep up.

Bluecoat has an Internet based filter system that is designed to try and keep pace with these rapidly moving malicious individuals. This filter systems gathers information from a number of sources and continually updates the rulesets on ones local appliance.

My guess is that Zscaler references Bluecoats capabilities here because of Bluecoat is one of the recognized leaders in the proxy server space and has a large percentage of the market share.
0
 

Author Comment

by:totaram
ID: 39785710
I thought that description that is used above is for web browser proxy configuration using PAC files... is bluecoat filtering same as browser proxy confguration?
0
 
LVL 1

Accepted Solution

by:
jawafa earned 200 total points
ID: 39785967
At its most basic definition Bluecoat filter refers to the URL filtering rulesets that are active on the appliance.
0
 

Author Comment

by:totaram
ID: 39816331
Hi Jawafa;
Is there any authentication that users have to go thro' before using Zscaler features. My initial feeling tells me there should not be pne, but on second thought how does one Dept know that they have BW priority over other Dept???
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Steve Terp was featured in a video created by CRN about how "Channel Is Crucial To Market Disruption". Click on View source to see the video and article
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now