Client Connector
Step-by-Step Configuration Guide for Zscaler Client Connector
This guide takes you step-by-step through the configuration tasks you must complete to begin using Zscaler Client Connector for your organization.
Before you begin configuring Zscaler Client Connector, Zscaler recommends reading the following articles:
- What Is Zscaler Client Connector?
- About the Zscaler Client Connector Portal
- Using Zscaler Client Connector
- Zscaler Client Connector Processes to Allowlist
Configuring Zscaler Client Connector
To configure Zscaler Client Connector, complete the following steps:
- Step 1: Complete System Requirements and Prerequisite Tasks
Before you begin configuring Zscaler Client Connector, complete the following system requirements and prerequisite tasks:
- Windows Requirements
- Supported versions: For a list of supported Zscaler Client Connector versions and supported OS versions for Windows, see Supported Versions.
- Disk usage: 200 MB
- Memory usage: 150 MB
- Processor capable of running operating systems supported by Zscaler Client Connector.
- Microsoft .NET Framework 4 and later.
- Supported languages: For a list of supported languages for localization, see Localization Support.
- Allowlist Zscaler Client Connector processes and configure firewall bypasses.
While Zscaler has allowlist agreements for Zscaler Client Connector in place with specific endpoint protection vendors such as Trend Micro and Kaspersky Labs, for some endpoint protection products like anti-virus and personal firewall, you might need to perform additional allowlist to ensure full Zscaler Client Connector functionality. To learn more, see Zscaler Client Connector Processes to Allowlist.
- Limitations and dependencies
For Windows, note the following:
Close
- macOS Requirements
- Supported versions: For a list of supported Zscaler Client Connector versions and supported OS versions for macOS, see Supported Versions.
- Disk usage: 200 MB
- Memory usage: 150 MB
- Processor capable of running operating systems supported by Zscaler Client Connector.
- If you are using Tunnel mode in your forwarding profile, ensure that you disabled the system firewall.
- Supported languages: For a list of supported languages for localization, see Localization Support.
- Allowlist Zscaler Client Connector processes and configure firewall bypasses.
While Zscaler has allowlist agreements for Zscaler Client Connector in place with specific endpoint protection vendors such as Trend Micro and Kaspersky Labs, for some endpoint protection products like anti-virus and personal firewall, you might need to perform additional allowlist to ensure full Zscaler Client Connector functionality. To learn more, see Zscaler Client Connector Processes to Allowlist.
Close - Linux Requirements
- Supported versions: For a list of supported Zscaler Client Connector versions and supported OS versions for Linux, see Supported Versions.
- Disk usage: 200 MB
- Memory usage: 150 MB
- x86-64 architecture processor capable of running operating systems supported by Zscaler Client Connector.
Close - iOS Requirements
- Supported versions: For a list of supported Zscaler Client Connector versions and supported OS versions for iOS, see Supported Versions.
- Compatible with iPhone, iPad, and iPod touch.
- 20 MB required for installation and additional space for logs.
Close - Android Requirements
- Supported versions: For a list of supported Zscaler Client Connector versions and supported OS versions for Android, see Supported Versions.
- 21 MB required for installation and additional space for logs.
Close - Android on ChromeOS Requirements
- Supported versions: For a list of supported Zscaler Client Connector versions and supported OS versions for Android on ChromeOS, see Supported Versions.
- 21 MB required for installation and additional space for logs.
- ZIA Prerequisite Tasks
- Configure appropriate security and access settings in the ZIA Admin Portal.
- You must have one of the following for authentication:
- An authentication mechanism configured and users provisioned on the ZIA service.
- If you do not have an authentication mechanism installed, you must use the Zscaler Client Connector Portal as your Identity Provider (IdP) to provision and authenticate users.
- Configure your organization's firewall to allow the necessary connections. For detailed information about the traffic your firewall must allow, go to config.zscaler.com/<Zscaler Cloud Name>/zscaler-app. For example, if your cloud name is zscalertwo.net, you would go to config.zscaler.com/zscalertwo.net/zscaler-app. To learn more, see What Is my cloud name for ZIA?
- (Optional) Enable SSL inspection for users running Zscaler Client Connector. To learn more, see Configuring SSL Inspection for Zscaler Client Connector.
To learn more, see Deploying and Managing Zscaler Client Connector for ZIA.
Close - ZPA Prerequisite Tasks
- Configure appropriate security and access settings in the ZPA Admin Portal.
- SAML-based authentication must be configured and users provisioned. You cannot use the Zscaler Client Connector Portal as an IdP for the ZPA service.
- Ensure that Zscaler Client Connector properly processes traffic for ZPA. To learn more, see Domains to Add to SSL Bypass List.
If you use a PAC file for Zscaler Client Connector, you must add the URLs to the SSL exemptions list on the proxy as well.
Close - ZDX Prerequisite Tasks (Windows and macOS)
To ensure that Zscaler Client Connector properly monitors your users’ digital experience, ensure all destination domains are placed on the allowlist in your SSL bypass list. To learn more, see Allowlist Domains for ZDX.
Close
- Windows Requirements
- Step 2: Configure Your Administration Settings
To configure your administration settings for Zscaler Client Connector, see the following articles:
- Configuring Acceptable Use Policy (AUP) for Zscaler Client Connector
- Configuring Update Settings for Zscaler Client Connector
- Configuring Forwarding Profiles for Zscaler Client Connector
- Configuring User Access to Support & Logging for Zscaler Client Connector
- Configuring Fail-Open Settings for Zscaler Client Connector
- (Optional) If necessary, for ZIA, see Using the Zscaler Client Connector Portal as an Identity Provider.
- (Optional) If necessary, for ZPA, see Configuring Device Posture for ZPA.
To learn more about other administration settings for Zscaler Client Connector, see Policy & Administration Settings.
Close - Step 3: Configure Your Zscaler Client Connector Profiles
Zscaler Client Connector profiles control key settings and behaviors for Zscaler Client Connector. To configure Zscaler Client Connector profiles, see the following articles:
To learn more, see Zscaler Client Connector Profiles.
Close - Step 4: Download Zscaler Client Connector
To download Zscaler Client Connector, see the following articles:
Close - Step 5: Customize Zscaler Client Connector with Installer Options
You can configure a Zscaler Client Connector installer file with installation options that allow you to remove steps from the user enrollment process (e.g., allowing users to skip the enrollment page or the cloud selection prompt on Zscaler Client Connector).
To learn more, see the following articles:
- Customizing Zscaler Client Connector with Install Options (MSI)
- Customizing Zscaler Client Connector with Install Options (EXE)
- Customizing Zscaler Client Connector with Install Options (macOS)
- Step 6: Deploy Zscaler Client Connector
You can install Zscaler Client Connector manually on individual devices or use your organization’s device management mechanism to deploy Zscaler Client Connector on your users’ devices. Before deploying Zscaler Client Connector, see Best Practices for Zscaler Client Connector Deployment. For examples on how to deploy Zscaler Client Connector, see Downloading & Deployment.
Close