icon-unified.svg
Experience Center

Validating a Client Hostname

Validating a client hostname allows you to enroll endpoints for peer-to-peer connectivity so that you can accept incoming connections from other clients. To enroll the endpoints, a regular expression of allowed hostnames is configured per tenant. This regular expression controls the endpoints to which Zscaler Client Connector allows the peer-to-peer connectivity. Endpoints whose FQDNs match this regular expression are enrolled.

If an application configured for Privileged Remote Access (PRA) matches a valid client hostname configured for peer-to-peer connectivity, and the user's device is also configured for peer-to-peer connectivity, then PRA is not supported.

Prior to enabling peer-to-peer connectivity, the following prerequisites must be met:

  • Ensure that the remote user has installed Zscaler Client Connector version 3.9.0.169 or later on the destination machine that they want to establish the connectivity to. Zscaler Client Connector on the destination machine must have a machine tunnel deployed. To learn more, see Understanding Zscaler Client Connector App Downloads.
  • Ensure that endpoints or devices have valid, complete, and unique FQDNs.

To validate a client hostname:

  1. Go to the Defined Application Segments page (Policies > Access Control > Private Applications > App Segments).
  2. (Optional) If your window is compact and resized, click the Menu icon (menu icon in the ZPA Admin Portal ) to view a drop-down menu of the features.

  1. Click Client Hostname Validation.

Validating a client hostname in the ZPA Admin Portal

The Edit Regular Expression window appears.

  1. In the Regular Expression field, configure a valid regular expression.

Configure a regex in the ZPA Admin Portal

For example, enter the regular expression “.*.example.com” to establish a peer-to-peer connection for devices joined with domains matching this regular expression (e.g., “test.example.com”).

If you have the same namespace for both your applications and workstations, Zscaler recommends creating different application segments for peer-to-peer connectivity and for application access. To successfully enable remote assistance, the application segment designated for peer-to-peer connectivity must match the regular expression defined in step 4.

  1. Click Save.
Related Articles
About ApplicationsConfiguring Defined Application SegmentsEditing Defined Application SegmentsAbout AI-Powered Recommendations for Application SegmentsConfiguring AI-Powered RecommendationsMerging AI-Powered RecommendationsSharing Defined Application SegmentsConfiguring AI-Powered Recommendations SettingsValidating a Client HostnameAdding DNS Search DomainsSetting Application Segment Configuration WarningsAbout AppProtection ApplicationsAbout Privileged Remote Access ApplicationsAbout Application DiscoveryAbout Application AccessUnderstanding Double EncryptionUnderstanding Health ReportingDefining a Dynamically Discovered ApplicationConfiguring Bypass SettingsDisabling Access to ApplicationsUnderstanding Source IP Anchoring DirectUsing Application Segment MultimatchAbout Application Segment ImportUsing Application Segment ImportMerging Imported Application Segments