This release includes support for TLS 1.2, a name change for Behavioral Analysis, and enhancements to the admin portal, dashboards and analytics, Cloud Firewall, and other features.
Zscaler will be upgrading its production clouds with the 5.3 release between November 2016 and February 2017. Zscaler will email a notification to your organization’s registered support contacts approximately one week before your cloud is upgraded. To see scheduled maintenance updates for your cloud, visit the trust portal.
Zscaler now supports TLS 1.2, in addition to TLS 1.0 and 1.1. With SSL inspection enabled, the Zscaler service inspects all TLS sessions. Some of the websites you may have exempted from SSL inspection due to the lack of TLS 1.2 support can now be removed from the exemptions list. Please contact Zscaler Support to confirm which sites can be removed. Note that with this upgrade, the service no longer supports SSLv3 connections. Customers do not need to take any other action to use this feature.
Behavioral Analysis is now called Sandbox in the Zscaler platform. In the Zscaler home page, admin portal, documentation, and elsewhere, you will now see the term Sandbox in place of the term Behavioral Analysis.
The Cloud Sandbox module has also been upgraded with the following:
Users of the Professional Web Suite can now control the following in the Advanced Threat Protection policy:
Previously, these controls were available only with Business Web Suite.
Each admin can now customize dashboards and have sole access to those dashboards, as long as he or she is assigned a role with full dashboard access. Previously, admins that were assigned the same role shared the same dashboards and could not make individual modifications. When an admin logs in for the first time after the upgrade, the admin portal displays the dashboards as the admin last saw them and prompts the admin to customize them to their preferences.
The Threat Class data type now enables you to see advanced threats, viruses and spyware, and sandbox data in one chart in Web Insights and custom dashboards.
In addition to the CIO Report, a new CSO Report is now available under Company Summary Report in Analytics > Interactive Reports. The CSO report provides more security-related data geared toward audiences like your organization’s CSO.
Zscaler has redesigned the login screen for the admin portal. It now features a full screen banner with links to product, security, and service updates.
You can now see the Zscaler cloud software version number at the bottom left of the screen when you log in to the admin portal.
You can now specify any value from 5 minutes to 10 hours for the session timeout duration. Previously, you were required to choose from four predefined options, ranging from 30 minutes to 10 hours.
You can now specify a day of the month or a day of the week on which you want the service to display the Acceptable Use Policy (AUP) to your users. For example, if you select 1 for the day of the month, the service displays the AUP when users log in on the first day of every month. If you select Monday for the day of the week, the service displays the AUP when users log in on Monday every week. Previous to this release, the time intervals for displaying AUP were limited to Never, Once Per Session, Daily, Weekly, Once Per Login, and a Custom option that allows admins to specify, in days, the interval between AUP displays.
You can now search for items in tables using the search bar located at the top right corner. You can also resize column width, reorder columns, sort select columns, and choose the columns you want to view or hide.
To enhance clarity, admin portal fields containing the term “bypass” have been modified as follows:
In Administration > Advanced Settings,
In Policy > SSL Inspection,
In the Security Exceptions tab under Policy > Malware Protection and Policy > Advanced Threats Protection,
Other Renamed Fields:
We have expanded support for applications in our firewall policy. You now have the option to create firewall policy for applications by defining destination FQDNs instead of destination IP addresses. This frees you from having to track and update the IP pools associated with applications in your policy. You can leverage this option in addition to application policies based on signatures Zscaler has defined for common applications. You can also configure the DNAT on your firewall policy action to be an FQDN. This allows easier management of your internal applications.
File Type Control now supports 7-Zip archives and Google WebP image files. You can select these file types when adding rules to your File Type Control policy.
You are no longer required to specify a file type when using the DLP policy to monitor or block outbound data based on size limits. You can choose to have the Zscaler service monitor or block any outbound data that exceeds the size you specify, regardless of file type.
To enable this feature for your organization, you must contact Zscaler Support. Once it is enabled, URLs you whitelist under Security Exceptions in Policy > Malware Protection will also be whitelisted for the Browser Control policy. When your users send traffic to the whitelisted URLs, the Zscaler service will not apply the Browser Control, Malware Protection, Advanced Threats Protection, and Sandbox policies. This could be helpful when your users must use obsolete browsers to access legacy applications but you would still like to block access for general browsing with those obsolete browsers.