Extranet resources are created in the Admin Portal and assigned to locations in order to give organizations access to resources managed by partners that are not integrated with the Zscaler service. To learn more, see Understanding Extranet Application Support.

To configure an extranet in the Admin Portal:

• 1. Create an extranet.

  To add an extranet:

  1. Go to Infrastructure > Locations > Extranet.
  2. Click Add Extranet.

  3. In the Add Extranet window:

     • Name: Enter a name for the extranet.
     • Description: (Optional) Enter a description for the extranet.
     • Add a Traffic Selector. You can add more than one:
       • Default: Enable this to designate a traffic selector as the default. You must select a default traffic selector.
       • Name: Enter a name for the traffic selector.
       • IP Address Start: Enter the starting address of the range for the traffic selector.
       • IP Address End: Enter the ending address of the range for the traffic selector. The value should be greater than the starting address. The range of the traffic selector must include a minimum of 20 IP addresses.
     • Add a DNS Server. You can add more than one:
       • Default: Enable this to designate a DNS server as the default. You must select a default DNS server.
       • Name: Enter a name for the DNS Server.
       • DNS Server 1: Enter the IP address of the DNS server 1.
       • DNS Server 2: Enter the IP address of the DNS server 2.

     See image.

     

     Close

  4. Click Save and activate the change.

  Close
• 2. Configure VPN credentials.

  Extranet locations must have a VPN credential assigned to them. The VPN credentials must use the FQDN Authentication Type. If you do not already have FQDN type VPN credentials created, see Adding VPN Credentials.

  Close
• 3. Assign the extranet to a location.

  To use extranet resources, the extranet must be assigned to a location.

  To assign an extranet to a location:

  1. Go to the Locations page.
  2. Add a new location or edit an existing one.

  3. For Location Type, select Extranet from the drop-down menu.

     The Extranet section appears.

  4. In the Extranet section, select the Extranet Resource that you would like to use for the location.

     See image.

     

     Close

  5. Select a Traffic Selector and DNS Server from the drop-down menu, or use the defaults.

  6. In the Addressing section, select the appropriate VPN Credentials for the extranet you are using.

     See image.

     

     Close

  7. Click Save and activate the change.

     After a location is assigned to an extranet, it is automatically added to a dynamic location group for the assigned extranet resource. The Zscaler service creates one if a dynamic location group for the extranet does not already exist.

  Close

Post Configuration

After you have configured extranet resources and locations in the Admin Portal, they become available to Private Applications when configuring server groups and application segments. You can configure Private Applications access policies to manage extranet applications. When you finish extranet configuration for the Zscaler service, communicate with the partners who manage the extranet resources. They need the VPN credentials associated with the Extranet location to create the IPSec tunnel to the Zscaler service.