Documentation
Zscaler Connectors
Developer Center
Zscaler Legacy
Training & Certification
Tools
Experience Center Help
- Getting Started with Zscaler
- Executive Insights App
- Onboarding New Users
- Setting Up Policies
- Configuring URL Filtering Policies
- Reviewing SSL Inspection Policies
- Reviewing Cyber Threat Protection Policies
- Reviewing Data Protection Policies
- Configuring User Privacy
- Configuring Blocked Countries
- Adding Your Company Logo to User Notifications, Emails, and Banners
- Reviewing and Activating Policies
- Admin Portal Access & Navigation
- Analytics
- Unified Dashboards
- Networking
- Digital Experience
- Cybersecurity
- Operational
- Copilot
- Internet & SaaS
- About Dashboards
- About Widgets
- Adding Notes to Dashboards and Interactive Reports
- Web Data Types and Filters
- Mobile Data Types and Filters
- Firewall Data Types and Filters
- DNS Data Types and Filters
- Tunnel Data Types and Filters
- Endpoint DLP Data Types and Filters
- Email DLP Data Types and Filters
- Extranet Data Types and Filters
- Reports
- About Cybersecurity Insights
- About Interactive Reports
- About Industry Peer Comparison
- About the System Audit Report
- About the Sandbox Activity Report
- Scheduling the Sandbox Activity Report Weekly Email
- About the Sandbox Files Found Malicious Report
- Scheduling the Sandbox Files Found Malicious Report Weekly Email
- CIPA Compliance Report
- About the Company Risk Score Report
- About the User Risk Report
- Company Summary Report (CIO Report)
- Company Summary Report (CSO Report)
- Security Policy Audit Report
- Executive Insights Report
- About SaaS Assets Summary Report
- Viewing Internet & SaaS Quarterly Business Review Reports
- About Configuration Risk Report
- About the Data Discovery Report
- Viewing Data Discovery Details
- About the IoT Discovery Report
- About Discovered Devices
- Providing Feedback on IoT Device Classifications
- About Scheduled Reports
- Scheduling Reports
- Exporting and Importing Reports
- Printing Reports
- About Endpoint DLP Report
- About Endpoint DLP Report: Incidents
- About the Email Security Report
- About Email Security Report: Incidents
- About the Gen AI Security Report
- About the Instance Discovery Report
- Viewing the Resource Discovery Report
- Private Applications
- Application, User, and Health Monitoring
- Viewing Quarterly Business Review Reports for Private Applications
- Viewing the Applications Dashboard
- Viewing the Users Dashboard
- Viewing the Health Dashboard
- Viewing the Source IP Anchoring Dashboard
- Accessing User Activity Diagnostics
- Viewing User Status Diagnostics
- Understanding Session Status Codes
- App Connector Monitoring
- Private Service Edge Monitoring
- AppProtection and Browser Protection Monitoring
- Viewing the Browser Protection Dashboard
- Viewing the API Protection Dashboard
- Viewing the AppProtection Dashboard
- Accessing AppProtection Diagnostics
- Accessing AD Protection Diagnostics
- Accessing Clientless Access Diagnostics
- Accessing Application Protocol Diagnostics
- Accessing API Protection Diagnostics
- Viewing the Protocol Discovery Dashboard
- Accessing Protocol Discovery Diagnostics
- Viewing the Active Directory Protection Dashboard
- Client Connector
- Digital Experience Monitoring
- Dashboards
- Applications
- Monitoring Applications
- Understanding Webex Call Quality for Digital Experience Monitoring
- Understanding Microsoft Teams Call Quality for Digital Experience Monitoring
- Understanding Zoom Call Quality for Digital Experience Monitoring
- Zoom Call Quality for Digital Experience Monitoring Integration Requirements
- Users
- Inventory & Device
- Diagnostics
- Reports
- Cloud & Branch Connector
- Administration
- Account Management
- ZIdentity
- Sign On Policy
- Admin, User, & Role Management
- Admins & Roles
- Departments
- Users
- User Groups
- Attributes
- Entitlements
- IdP Configuration
- External IdP Configuration
- About External Identity Providers
- Adding OpenID Providers
- Adding SAML Identity Providers
- Configuring Okta as an External IdP
- Configuring Microsoft Entra ID as an External IdP
- Configuring Microsoft AD FS as an External IdP
- Configuring PingOne as an External IdP
- Configuring Auth0 as an External IdP
- Configuring OneLogin as an External IdP
- Configuring PingFederate as an External IdP
- Identity Management
- Authentication
- Internet & SaaS
- Admin, User, & Role Management
- Configuring Role-Based Administration
- Understanding Administrator Management Settings
- Obfuscating User Names for Admins
- Obfuscating Device Information for Admins
- About Auditors
- Adding Auditors
- Administrators
- Role Management
- SAML for Admins
- Identity
- User Management & Authentication Settings
- About Provisioning and Authenticating Users
- About Authentication Default Settings
- Configuring the Default Authentication Profile
- About User Authentication Frequency
- About Zscaler Cookies
- About Surrogate IP
- Exempting URLs and Cloud Apps from Authentication
- Recommended Security Settings for Microsoft Edge Browser
- Authentication Error Codes
- User Management
- Kerberos Authentication
- Identity Proxy Settings
- API Configuration
- About Cloud Service API Key
- Managing Internet & SaaS API Key
- About Sandbox API Token
- Managing Sandbox API Token
- Securing Internet & SaaS APIs with OAuth 2.0
- About OAuth 2.0 Authorization Servers
- Managing OAuth 2.0 Authorization Servers
- OAuth 2.0 Configuration Guide for Okta
- OAuth 2.0 Configuration Guide for Microsoft Entra ID
- Alerts
- Backup & Restore
- Private Applications
- Admin, User, & Role Management
- Admins and Roles
- Delegated Tenant Administration
- Alerts
- API Configuration
- Backup & Restore
- About Backup and Restore for Private Applications
- Creating Scheduled Backup Configurations for Private Applications
- Restoring Policies and Configurations from a Backup for Private Applications
- Viewing Restore Activities and Restore Reports
- Adding Backups Manually for Private Applications
- Editing Backups for Private Applications
- Deleting Backups for Private Applications
- Identity
- IdP & Device Configuration
- IdP Configuration
- IdP Configuration Guides
- SAML Attributes
- User Risk Scores
- Settings
- Machine Authentication
- Emergency Access Authentication
- SCIM Configuration
- About SCIM
- About SCIM Users
- About SCIM Groups
- About SCIM Sync Logs
- About SCIM APIs
- SCIM API Examples
- Enabling SCIM for Identity Management
- Deleting Users in SCIM
- SCIM Configuration Guides
- Digital Experience Monitoring
- Admin, User, & Role Management
- API Configuration
- Alerts
- About Alerts
- Evaluating Individual Alert Details
- Understanding the Alert Email
- Understanding the Alert Status
- Triggering an Alert
- About Rules
- Configuring an Alert Rule
- Editing an Alert Rule
- About Templates
- Managing Templates
- About Labels
- Managing Labels
- Configuring Webhooks
- Webhook Configuration Guides for Supported Platforms
- Client Connector
- Admins, Users, & Role Management
- Zscaler Service Entitlement
- About Zscaler Service Entitlement
- Enabling Private Applications for a Group of Users
- Configuring Private Applications Machine Tunnel for All
- Enabling Digital Experience Monitoring for a Group of Users
- Enabling Deception for a Group of Users
- About Device Groups
- Creating Device Groups
- Searching for Device Groups
- Enabling Private Applications for Device Groups
- Enabling Zscaler Deception for Device Groups
- Enabling Digital Experience Monitoring for Device Groups
- Enabling Internet & SaaS for Device Groups
- Identity
- Platform & Authentication Management
- About Platform Settings
- Enabling Browser-Based Authentication
- Enabling WebView2 Authentication
- Enabling Resizing of the Zscaler Client Connector Authentication Window
- About Zscaler Client Connector IdP
- Using Zscaler Client Connector as an Identity Provider
- Creating a Device Token
- Configuring Passwords for Access in Unattended Mode
- Zscaler Client Connector and Imprivata Integration
- Partner Login
- Zscaler Client Connector Notifications
- Downloading and Deployment
- Understanding Zscaler Client Connector App Downloads
- Customizing Zscaler Client Connector with Install Options for MSI
- Customizing Zscaler Client Connector with Install Options for EXE
- Customizing Zscaler Client Connector with Install Options for macOS
- Customizing Zscaler Client Connector with Install Options for Linux
- Customizing Zscaler Client Connector with Install Options for Android
- Customizing Zscaler Client Connector with Install Options for iOS
- Blocking LAN Access
- Best Practices for Zscaler Client Connector Deployment
- Best Practices for Updating Latest Versions of Zscaler Client Connector Application
- Uninstalling Zscaler Client Connector
- Reverting Zscaler Client Connector to the Previous Version
- Upgrading Zscaler Client Connector
- API Configuration
- Cloud & Branch Connector
- Admin & Role Management
- API Configuration
- SAML for Admins
- Audit Logs
- Policies
- Internet & SaaS
- Access Control
- Cloud Apps
- Cloud App Control Policies
- About Cloud App Control
- Understanding Cloud App Categories
- Adding Rules to the Cloud App Control Policy
- Adding an AI & ML Applications Rule for Cloud App Control
- Adding a Collaboration & Online Meetings Rule for Cloud App Control
- Adding a Consumer Rule for Cloud App Control
- Adding a Custom Applications Rule for Cloud App Control
- Adding a DNS Over HTTPS Services Rule for Cloud App Control
- Adding a File Sharing Rule for Cloud App Control
- Adding a Finance Rule for Cloud App Control
- Adding a Health Care Rule for Cloud App Control
- Adding a Hosting Providers Rule for Cloud App Control
- Adding a Human Resources Rule for Cloud App Control
- Adding an Instant Messaging Rule for Cloud App Control
- Adding an IT Services Rule for Cloud App Control
- Adding a Legal Rule for Cloud App Control
- Adding a Productivity & CRM Tools Rule for Cloud App Control
- Adding a Sales & Marketing Rule for Cloud App Control
- Adding a Social Networking Rule for Cloud App Control
- Adding a Streaming Media Rule for Cloud App Control
- Adding a System & Development Rule for Cloud App Control
- Adding a Webmail Rule for Cloud App Control
- Cloud Applications
- Cloud Application Instances
- Office 365
- Tenant Restriction
- Risk Profiles
- File Type Control
- Firewall
- Understanding Firewall Capabilities
- Configuring Firewall Policies
- Enabling the Firewall for Locations
- Firewall HTTP Tunnel Connectivity
- Configuring Custom Ports
- Application Layer Gateway Enabled Applications for Internet & SaaS
- Firewall Control
- DNS Control
- FTP Control
- Firewall Policy Resources
- About Network Services
- Configuring Network Services
- About Network Service Groups
- Configuring Network Service Groups
- About Network Applications
- About Network Application Groups
- Configuring Network Application Groups
- About Application Service Groups
- About Source IP Groups
- Configuring Source IP Groups
- About Destination IP Groups
- Configuring Destination IP Groups
- About DNS Application Groups
- Configuring DNS Application Groups
- About IP Pool
- About Threat Categories
- Adding Threat Categories
- About EDNS Client Subnet (ECS) Injection
- Adding EDNS Client Subnet (ECS) Prefixes
- About DNS Gateways
- Adding DNS Gateways
- Mobile App Store Control
- URL Filtering
- About URL Filtering
- URL Format Guidelines
- Configuring the URL Filtering Policy
- About URL Categories
- Configuring Custom URL Categories
- About Bulk URL Upload Tool
- About TLD Categories
- Configuring TLD Categories
- Recommended URL & Cloud App Control Policy
- Configuring Advanced Policy Settings
- Adding URLs to the Allowlist
- Enforcing User-Based URL Policies on HTTPS Traffic
- About CIPA Compliance
- Looking Up URLs in Site Review
- Cybersecurity
- Advanced Threat Protection
- Browser Control
- IPS Control
- Malware Protection
- Mobile Malware Protection
- Partner Integration
- Sandbox
- Secure Browsing
- Data Protection
- Data Loss Prevention
- About Data Loss Prevention
- Configuring DLP Policy Rules with Content Inspection
- Configuring DLP Policy Rules without Content Inspection
- Configuring DLP Policy Rules with Evaluate All Rules Mode Enabled
- Configuring DLP Advanced Settings
- Monitoring or Blocking Outbound Content by Data Size
- DLP Policy Configuration Example: Match Only
- Step-by-Step Configuration Guide for Webex Teams Real-Time DLP
- DLP Dictionaries & Engines
- About DLP Dictionaries
- Understanding Predefined DLP Dictionaries
- Editing Predefined DLP Dictionaries
- Cloning Predefined DLP Dictionaries
- Adding Custom DLP Dictionaries
- Defining Patterns for Custom DLP Dictionaries
- Defining Phrases for Custom DLP Dictionaries
- Defining Microsoft Information Protection Labels for Custom DLP Dictionaries
- About DLP Engines
- Understanding DLP Engines
- Editing Predefined DLP Engines
- Adding Custom DLP Engines
- Cloning DLP Engines
- DLP Incident Receiver
- About Zscaler Incident Receiver
- Adding a Zscaler Incident Receiver
- Configuring the Zscaler Incident Receiver for On-Premises VMs
- Configuring the Zscaler Incident Receiver for Amazon Web Services EC2 VMs
- Configuring the Zscaler Incident Receiver for Azure VMs
- About ICAP Receivers for DLP
- About ICAP Communication Between Zscaler and DLP Servers
- Enabling Secure ICAP
- Enabling Unencrypted ICAP
- Adding an ICAP Receiver for DLP
- Configuring the ICAP Server with the Mutual Transport Layer Security (MTLS) CA Certificate
- DLP Index Tool
- DLP Exact Data Match
- DLP Indexed Document Match
- Labels and Tags
- Notification Templates
- Endpoint Data Loss Prevention
- Outbound Email Data Loss Prevention
- What Is Zscaler Outbound Email DLP?
- Step-by-Step Configuration Guide for Zscaler Outbound Email DLP
- Understanding Outbound Email Policy Enforcement
- About Email Tenants
- Adding Email Tenants
- Editing Email Tenants
- Configuring Gmail for Zscaler Outbound Email DLP
- Configuring Microsoft Exchange for Zscaler Outbound Email DLP
- About Email Profiles
- Adding Email Profiles
- Editing Email Profiles
- About Outbound Email Policy
- Configuring Outbound Email Policy Rules
- SaaS Security
- SaaS Application Tenants
- Data at Rest Scanning Policies
- Understanding the Data at Rest Scanning Policy
- About Data at Rest Scanning DLP
- Configuring the Data at Rest Scanning DLP Policy
- Configuring the Data at Rest Scanning DLP Policy Exceptions
- About Data at Rest Scanning Malware Detection
- Configuring the Data at Rest Scanning Malware Detection Policy
- Configuring the Data at Rest Scanning Malware detection Policy Exceptions
- About SaaS Security Scan Configuration
- Understanding SaaS Security Scan Schedules
- Configuring SaaS Security Scan Schedules
- Configuring the Data at Rest Scanning Exceptions
- 3rd-Party App Governance
- Getting Started
- What Is 3rd-Party App Governance?
- Step-by-Step Configuration Guide for 3rd-Party App Governance
- Accessing and Navigating the 3rd-Party App Governance Admin Portal
- SAML Configuration Guide for Okta
- Connecting Your Platforms
- Find Your Application IDs
- Using 3rd-Party App Governance
- About the 3rd-Party App Governance Dashboard
- About the App Inventory
- App Inventory Filters
- Searching for Apps
- Custom Views
- Pre-Vetting Apps
- Uploading Apps in Bulk
- Taking Bulk Actions on Apps
- Revoking and Banning Apps
- Configuring End User Review
- About the App Panel
- Updating the App Risk Score
- Updating the App Finding Status
- About User Inventory
- About the User Panel
- 3rd-Party App Governance Policies
- Posture Management
- Posture Management - Essentials
- Posture Management - Advanced
- Common Configuration & Resources
- Configuring Advanced Settings
- About Rule Labels
- Adding a Rule Label
- About Devices
- About Device Groups
- About Time Intervals
- Defining Time Intervals
- Understanding Workload Groups
- SSL Inspection
- About Secure Sockets Layer (SSL)
- About SSL Inspection
- Supported Cipher Suites in SSL Inspection
- Safeguarding SSL Keys and Data Collected During SSL Inspection
- Adding Custom Certificate to an Application Specific Trust Store
- About SSL Inspection Policy
- Configuring SSL Inspection Policy
- About Intermediate CA Certificates
- Choosing the CA Certificate for SSL Inspection
- Signing a CSR Using the Active Directory Certificate Services
- Configuring Software Protection Intermediate CA Certificate
- Configuring Cloud HSM Protection Intermediate CA Certificate
- Deployment Scenarios for SSL Inspection
- Certificate Pinning and SSL Inspection
- Best Practices for Testing and Rolling Out SSL Inspection
- End User Notifications (EUNs)
- Browser EUNs
- Zscaler Client Connector EUNs
- User Confirmation Notifications
- Private Applications
- Access Control
- Access Policy
- Timeout Policy
- Application Segments
- About Applications
- Configuring Defined Application Segments
- Editing Defined Application Segments
- About AI-Powered Recommendations for Application Segments
- Configuring AI-Powered Recommendations
- Merging AI-Powered Recommendations
- Sharing Defined Application Segments
- Configuring AI-Powered Recommendations Settings
- Validating a Client Hostname
- Adding DNS Search Domains
- Setting Application Segment Configuration Warnings
- About AppProtection Applications
- About Privileged Remote Access Applications
- About Application Discovery
- About Application Access
- Understanding Double Encryption
- Understanding Health Reporting
- Defining a Dynamically Discovered Application
- Configuring Bypass Settings
- Disabling Access to Applications
- Understanding Source IP Anchoring Direct
- Using Application Segment Multimatch
- About Application Segment Import
- Using Application Segment Import
- Merging Imported Application Segments
- Segment Groups
- Servers & Server Groups
- Clientless
- Browser Access
- About Browser Access
- Defining a Browser Access Application within an Existing Application Segment
- Defining a Browser Access Application with Multiple Ports on the Same Domain
- Defining a Browser Access Application with Different External vs. Internal Domains
- Using Wildcard Certificates for Browser Access Applications
- Locating Browser Access Error Codes
- Certificate Management
- Isolation
- Policy Management
- Isolation Policy
- Isolation Profiles
- Internet & SaaS Profiles
- Private Applications Profiles
- Creating Isolation Profiles for Private Applications
- Editing Your Isolation Profile for Private Applications
- Deleting an Isolation Profile for Private Applications
- Forwarding Traffic from Private Applications Profiles to Internet & SaaS in Isolation
- Secure SaaS Access from Unmanaged Devices via User Portal
- Profile Root Certificates
- About Root Certificates for Isolation in Internet & SaaS
- Adding Root Certificates for Isolation in Internet & SaaS
- Editing a Root Certificate for Isolation in Internet & SaaS
- Deleting a Root Certificate for Isolation in Internet & SaaS
- About Root Certificates for Isolation in Private Applications
- Adding Root Certificates for Isolation in Private Applications
- Editing a Root Certificate for Isolation in Private Applications
- Deleting a Root Certificate for Isolation in Private Applications
- Isolation Banners
- Adding a Banner Theme for the Isolation End User Notification in Internet & SaaS
- Editing a Banner Theme for the Isolation End User Notification in Internet & SaaS
- Deleting a Banner Theme for the Isolation End User Notification in Internet & SaaS
- Adding a Banner Theme for the Isolation End User Notification in Private Applications
- Editing a Banner Theme for the Isolation End User Notification in Private Applications
- Deleting a Banner Theme for the Isolation End User Notification in Private Applications
- Privileged Remote Access Management
- Understanding Privileged Remote Access
- Step-by-Step Configuration Guide for Privileged Remote Access
- Privileged Approvals
- Privileged Consoles
- Privileged Credentials
- Privileged Portals
- About Privileged Portals
- Configuring Privileged Portals
- Editing Privileged Portals
- Accessing a Privileged Remote Access Portal
- About the Privileged Remote Access (PRA) File Transfer System
- Uploading and Transferring Files for the PRA File Transfer System
- About My Approvals
- Requesting Approvals in the PRA Portal
- Reviewing Approvals in the PRA Portal
- Privileged Remote Access Policy
- About Portals Policy
- Configuring Portals Policies
- About Privileged Credentials Policy
- Configuring Privileged Credentials Policies
- Editing Privileged Credentials Policies
- About Privileged Policy
- About Privileged Capabilities Policy
- Configuring Privileged Capabilities Policies
- Editing Privileged Capabilities Policies
- User Portal
- Cybersecurity
- AppProtection for Private Application Traffic Controls & Profiles
- About API Protection Controls
- About AppProtection Controls
- About ThreatLabZ Controls
- About Active Directory Controls
- AppProtection for Private Application Traffic Profiles
- Browser Protection Profiles
- Custom Controls
- WebSocket Controls
- AppProtection for Private Application Traffic Policy
- Digital Experience Monitoring
- Configuration
- Applications
- About Applications
- Predefined Applications for Digital Experience Monitoring
- Configuring a Predefined Application
- Configuring Webex Call Quality for Digital Experience Monitoring
- Configuring Microsoft Teams Call Quality for Digital Experience Monitoring
- Configuring Zoom Call Quality for Digital Experience Monitoring
- Configuring Microsoft Intune for Digital Experience Monitoring
- Adding a Custom Application
- Editing an Application
- Managing Top Private Applications
- Probes
- Client Connector
- Common Configuration & Resources
- Cloud & Branch Connector
- Adaptive Access Engine
- Infrastructure
- ZIdentity
- Internet & SaaS
- Traffic Forwarding
- Choosing Traffic Forwarding Methods
- Best Practices for Traffic Forwarding
- Handling DNS Resolution for Various Traffic Forwarding Methods
- Understanding Zscaler Authoritative DNS Servers
- Understanding Subclouds
- About Subclouds
- Editing a Subcloud
- About Data Center Exclusion Based on Traffic Forwarding Method
- Excluding a Data Center Based on Traffic Forwarding Method
- About Static IP
- Self-Provisioning of Static IP Addresses
- Importing Static IP Address from a CSV File
- Understanding Multi-Cluster Load Sharing
- Understanding Proxy Mode
- Determining Optimal MTU for GRE or IPSec Tunnels
- Implementing Zscaler in No Default Route Environments
- Alternative Options to Caching Web Traffic
- Troubleshooting Users' Traffic not Going to the Nearest Internet & SaaS Public Service Edge
- Configuring Disaster Recovery
- Zscaler Traffic Bypasses
- GRE
- Understanding Generic Routing Encapsulation (GRE)
- GRE Deployment Scenarios
- About GRE Tunnels
- Self-Provisioning of GRE Tunnels
- Importing GRE Tunnels from a CSV File
- Configuring GRE Tunnels
- GRE Configuration Guide for Juniper SRX
- GRE Configuration Guide for Cisco 881 ISR
- Locating the Virtual IP Addresses for Internet & SaaS Public Service Edges
- IPSec
- Understanding IPSec VPNs
- Configuring an IPSec VPN Tunnel
- About VPN Credentials
- Adding VPN Credentials
- Importing VPN Credentials from a CSV File
- IPSec VPN Configuration Guide for Cisco ASA 55xx
- IPSec VPN Configuration Guide for Cisco 881 ISR
- IPSec VPN Configuration Guide for Juniper SRX
- IPSec VPN Configuration Guide for Juniper SSG 20
- IPSec VPN Configuration Guide for FortiGate Firewall
- IPSec VPN Configuration Guide for Palo Alto Networks Firewall
- IPSec VPN Configuration Guide for SonicWall TZ 350
- Locating the Hostnames and IP Addresses for Internet & SaaS Public Service Edges
- PAC Files
- Using PAC Files
- Writing a PAC File
- Best Practices for Writing PAC Files
- Firewall Requirements for Using PAC Files
- Using Default PAC Files to Forward Traffic to Internet & SaaS
- Using Custom PAC Files to Forward Traffic to Internet & SaaS
- Forwarding Traffic Based on User's Location Using PAC Files
- Load Balancing for PAC Forwarded Traffic
- Distributing a PAC File URL to Users
- Configuring Internet Explorer to Use a PAC File
- Configuring Google Chrome to Use a PAC File
- Configuring Mozilla Firefox to Use a PAC File
- Configuring Safari to Use a PAC File
- Proxy Chaining
- Location Management
- About Locations
- Configuring Locations
- Understanding Sub-Locations
- Configuring Sub-Locations
- Configuring Multiple Locations and Sub-Locations
- Downloading Location and Sub-Location Information to a CSV File
- Importing Location and Sub-Location Information from a CSV File
- Configuring Dedicated Proxy Ports
- Configuring a Location Without a Static Public IP Address
- About Location Groups
- Configuring Manual Location Groups
- Configuring Dynamic Location Groups
- Configuring Azure Virtual WAN Locations
- Service Edges
- Maintenance Support for Internet & SaaS Virtual Service Edge
- Choosing Between Internet & SaaS Private Service Edges and Virtual Service Edges
- Firewall Configuration Requirements for Internet & SaaS Private Service Edge Deployments
- Using PAC Files for Internet & SaaS Private Service Edge Deployments
- Monitoring Internet & SaaS Virtual Service Edge Clusters
- Terms and Conditions for Internet & SaaS Private Service Edge
- Troubleshooting Internet & SaaS Virtual Service Edges
- Public Service Edge
- Private Service Edge
- Virtual Service Edge
- About Internet & SaaS Virtual Service Edges
- About Internet & SaaS Virtual Service Edge Clusters
- Configuring Internet & SaaS Virtual Service Edge Clusters
- Using an External Load Balancer for Internet & SaaS Virtual Service Edge Clusters
- Configuring Internet & SaaS Virtual Service Edge for Microsoft Azure
- Configuring Internet & SaaS Virtual Service Edge for Amazon Web Services
- Configuring Internet & SaaS Virtual Service Edge for Amazon Web Services with GWLB
- Configuring Internet & SaaS Virtual Service Edge for Microsoft Hyper-V
- Configuring Internet & SaaS Virtual Service Edge for Google Cloud Platform
- Adding Internet & SaaS Virtual Service Edge Instances
- Adding Internet & SaaS Virtual Service Edge Clusters
- Downloading an Internet & SaaS Virtual Service Edge VM
- Downloading Internet & SaaS Virtual Service Edge Certificates
- Configuring Internet & SaaS Virtual Service Edge and NTP Server Synchronization
- Internet & SaaS Virtual Service Edge Configuration Guide for Dual Arm Mode
- Forwarding Traffic to Internet & SaaS Virtual Service Edges
- China Premium Access
- IPv6
- Traffic Capture
- Extranet
- Network Policies
- Bandwidth Control & Classes
- About Bandwidth Control
- Configuring the Bandwidth Control Policy
- Adding Rules to the Bandwidth Control Policy
- Bandwidth Control Policy Example
- About Bandwidth Classes
- Adding Bandwidth Classes
- Configuring the Web Conferencing Applications Bandwidth Class
- Configuring the VoIP Applications Bandwidth Class
- Configuring the Large Files Bandwidth Class
- Certificates
- Forwarding Control
- Dedicated IP
- Customer-Managed Dedicated IP (Source IP Anchoring)
- Zscaler-Managed Dedicated IP
- Third-Party Proxy Chaining
- SNMP MIBs
- Private Applications
- Infrastructure Components
- App Connector Management
- App Connectors
- App Connector Groups
- App Connector Provisioning Keys
- App Connector Deployment Guides for Supported Platforms
- App Connector Software by Platform
- App Connector Deployment Prerequisites
- App Connector Deployment Guide for Amazon Web Services
- App Connector Deployment Guide for Linux
- App Connector Deployment Guide for Docker
- App Connector Deployment Guide for Google Cloud Platform
- App Connector Deployment Guide for Microsoft Azure
- App Connector Deployment Guide for Nutanix AHV
- App Connector Deployment Guide for OpenShift
- App Connector Deployment Guide for VMware Platforms
- Red Hat Enterprise Linux 9 Migration for App Connectors
- Networking Deployed App Connectors
- Configuring a Split DNS Zone for App Connectors
- CentOS 7 Configuration for Long-Term Zscaler Support
- App Connector Managing & Troubleshooting
- App Connector Software Updates
- Private Service Edge Management
- Private Service Edge
- Private Service Edge Groups
- Private Service Edge Provisioning Keys
- Private Service Edge Deployment Guides for Supported Platforms
- Private Service Edge Deployment Prerequisites for Private Applications
- Private Service Edge Software by Platform
- Private Service Edge Deployment Guide for Amazon Web Services
- Private Service Edge Deployment Guide for Docker
- Private Service Edge Deployment Guide for Google Cloud Platform
- Private Service Edge Deployment Guide for Linux
- Private Service Edge Deployment Guide for Microsoft Azure
- Private Service Edge Deployment Guide for VMware Platforms
- Red Hat Enterprise Linux 9 Migration for Private Service Edges
- Disabling Password Expiration for STIG-Hardened Private Service Edge Images
- Networking Deployed Private Service Edges
- Private Service Edge Managing & Troubleshooting
- Private Service Edge Software Updates
- Cloud Connector Management
- Branch Connector Management
- Enrollment Certificates
- Disaster Recovery Administration
- Understanding Disaster Recovery
- Configuring Disaster Recovery
- About Disaster Recovery Settings
- About Disaster Recovery Application Segments
- About Disaster Recovery App Connector Groups
- About Disaster Recovery Private Service Edge Groups
- Understanding and Installing the Zscaler DNS Record Generator
- Creating DNS TXT Records
- Managing Disaster Recovery Configuration and Binary Snapshots
- Client Connector Policies
- Client Forwarding Policy
- Redirection Policy
- Client Connector
- Enrolled Devices
- About Enrolled Devices
- Device States for Enrolled Devices
- Viewing Device Fingerprint for an Enrolled Device
- Accessing One-Time Passwords for Enrolled Devices
- Removing a Device if the Number of Devices Limit is Reached
- Soft Removing a Device from the Admin Portal
- Force Removing a Device from the Admin Portal
- About Machine Tunnels
- About Partner Devices
- Viewing Device Fingerprint Information for a Partner Device
- Interacting with Zscaler Client Connector Remotely
- Application Profiles
- Zscaler Client Connector Profile Management
- About Zscaler Client Connector App Profiles
- Configuring Zscaler Client Connector App Profiles
- Searching for a Zscaler Client Connector App Profile
- Zscaler Client Connector Profile Rule Example
- Viewing the Policy Token for a Zscaler Client Connector App Profile
- Anti-Tampering for Zscaler Client Connector
- Configuring a Default Global Log Mode
- Configuring a Cellular Quota with Zscaler Client Connector for Android
- Syncing Directory Groups between Internet & SaaS and Zscaler Client Connector
- Best Practices for Adding Bypasses for Z-Tunnel 2.0
- About Application Bypass
- Adding IP-Based Applications to Bypass Traffic
- Adding Process-Based Applications to Bypass Traffic
- Zscaler Endpoint Data Loss Prevention (DLP) Integration with Zscaler Client Connector
- Forwarding Traffic Management
- About Forwarding Profiles
- Configuring Forwarding Profiles for Zscaler Client Connector
- Using the Windows Filter Driver for Zscaler Client Connector
- Searching for a Forwarding Profile
- About Trusted Networks
- Configuring Trusted Networks for Zscaler Client Connector
- Searching for a Trusted Network
- About Z-Tunnel 1.0 & Z-Tunnel 2.0
- Deployment
- Zscaler Client Connector Store Settings
- Interoperability
- Domain Validation in Zscaler Client Connector for Private Applications
- Best Practices for Zscaler Client Connector and VPN Client Interoperability
- Zscaler Client Connector and Charles Proxy Interoperability
- Zscaler Client Connector Processes to Allowlist
- Allowing Traffic to the ID Federation URL by Bypassing Zscaler Client Connector
- Enrolling Zscaler Client Connector Users When Using a Proxy
- Using Fiddler with Zscaler Client Connector
- Best Practices for Using PAC Files with Zscaler Client Connector
- Configuration
- Customizing the Zscaler Client Connector User Agent
- Configuring Dedicated Proxy Ports
- About Zscaler Client Connector Integration with Deception
- Zscaler Client Connector Update Intervals
- Zscaler Client Connector Support Settings
- App Supportability
- About App Supportability
- Configuring User Access to Logging Controls for Zscaler Client Connector
- Configuring User Access to Support Options for Zscaler Client Connector
- Configuring User Access to the Restart and Repair Options for Zscaler Client Connector
- Configuring Automatic Username Population for IdP Authentication
- Configuring Automatic Private Applications Reauthentication
- Registering Devices with the Private Applications IdP Username
- Network Performance
- User Privacy
- About User Privacy
- Configuring Zscaler Client Connector to Collect Device Owner Information
- Configuring Zscaler Client Connector to Collect Hostnames
- Enabling Packet Capture for Zscaler Client Connector
- Configuring Automatic Crash Reporting for Zscaler Client Connector
- Configuring Zscaler Client Connector to Collect Digital Experience Monitoring Location Information
- Allow Users to Override Z-Tunnel 2.0 or Private Applications Protocol Settings
- Allowing Non-Administrator Users Access to Zscaler Client Connector Log Files
- Restricting Remote Packet Capture
- Endpoint Integration
- App Fail Open
- Device Cleanup
- Advanced Configuration
- Cloud & Branch Connector
- Location Management
- Provisioning & Configuration
- Forwarding
- Traffic Forwarding
- Log and Control Forwarding
- DNS Policies
- Deployment Management for Virtual Devices
- Cloud Connector Deployment Management
- Deployment Templates for Zscaler Cloud Connector
- Configuring Advanced Settings for Cloud Connector
- Networking Flows for Cloud Connector
- Understanding High Availability and Failover
- Handling DNS Resolutions for Zscaler Cloud Connector
- Storing Your Secret Credentials in HashiCorp Vault for Google Cloud Platform-Based Cloud Connectors
- Branch Connector Deployment Management
- Branch Connector Device Management
- Cloud Connector Partner Integrations
- Cloud Connector Group Management
- Forwarding Methods
- Nanolog Streaming Service
- NSS Deployment Guides
- NSS Feeds
- Adding NSS Feeds
- Adding Cloud NSS Feeds
- Formatting NSS Feeds
- Troubleshooting
- Logs
- Internet & SaaS
- Insights
- About Insights
- About Threat Insights
- SaaS Security Insights
- Analyzing Traffic Using Insights
- Viewing User Reports in Web Insights
- Logs
- About Insights Logs
- About SaaS Security Insights Logs
- DNS Insights Logs: Columns
- DNS Insights Logs: Filters
- Firewall Insights Logs: Columns
- Firewall Insights Logs: Filters
- Mobile Insights Logs: Columns
- Mobile Insights Logs: Filters
- Tunnel Insights Logs: Columns
- Tunnel Insights Logs: Filters
- Web Insights Logs: Columns
- Web Insights Logs: Filters
- Endpoint DLP Insights Logs: Columns
- Endpoint DLP Insights Logs: Filters
- Email DLP Insights Logs: Columns
- Email DLP Insights Logs: Filters
- Extranet Insights Logs: Columns
- Extranet Insights Logs: Filters
- Log Streaming
- Understanding Nanolog Streaming Service (NSS)
- About NSS Servers
- Adding NSS Servers
- About NSS Collector Servers
- Adding NSS Collector Servers
- Syslog Overview
- NSS Deployment Guides
- NSS Feeds
- Adding NSS Feeds
- Adding NSS Feeds
- Adding NSS Feeds for Web Logs
- Adding MCAS NSS Feeds
- Adding NSS Feeds for Firewall Logs
- Adding NSS Feeds for DNS Logs
- Adding NSS Feeds for Tunnel Logs
- Adding NSS Feeds for SaaS Security Logs
- Adding NSS Feeds for SaaS Security Activity Logs
- Adding NSS Feeds for Alerts
- Adding NSS Feeds for Admin Audit Logs
- Adding NSS Feeds for Endpoint DLP Logs
- Adding NSS Feeds for Email DLP Logs
- Adding Cloud NSS Feeds
- Adding Cloud NSS Feeds
- Adding Cloud NSS Feeds for Web Logs
- Adding Cloud NSS Feeds for Firewall Logs
- Adding Cloud NSS Feeds for DNS Logs
- Adding Cloud NSS Feeds for Tunnel Logs
- Adding Cloud NSS Feeds for SaaS Security Logs
- Adding Cloud NSS Feeds for SaaS Security Activity Logs
- Adding Cloud NSS Feeds for Admin Audit Logs
- Adding Cloud NSS Feeds for Endpoint DLP Logs
- Adding Cloud NSS Feeds for Email DLP Logs
- Formatting NSS Feeds
- General Guidelines for NSS Feeds and Feed Formats
- NSS Feed Output Format: Web Logs
- NSS Feed Output Format: Firewall Logs
- NSS Feed Output Format: DNS Logs
- NSS Feed Output Format: Tunnel Logs
- NSS Feed Output Format: SaaS Security Logs
- NSS Feed Output Format: SaaS Security Activity Logs
- NSS Feed Output Format: Admin Audit Logs
- NSS Feed Output Format: Endpoint DLP Logs
- NSS Feed Output Format: Email DLP Logs
- Private Applications
- Insights
- Log Streaming
- About the Log Streaming Service
- Configuring a Log Receiver
- About User Activity Log Fields
- About User Status Log Fields
- About App Connector Metrics Log Fields
- About App Connector Status Log Fields
- About Private Service Edge Metrics Log Fields
- About Private Service Edge Status Log Fields
- About Audit Log Fields
- About Browser Access Log Fields
- About AppProtection Log Fields
- Understanding the Log Stream Content Format
- SIEM Integration for LSS
- Privileged Remote Access Monitoring
- Cloud & Branch Connector
- Release Notes