icon-zia.svg
Secure Internet and SaaS Access (ZIA)

Firewall Requirements for Using PAC Files

Review the firewall configuration requirements and the destination IP addresses of the service, and then make the necessary configuration changes.

To view the firewall requirements:

  1. Log in to the ZIA Admin Portal.
  2. From the Help menu choose Cloud Configuration Requirements.

Screenshot of the Cloud Configuration Requirements button in the Help menu

On the page that appears, review the Traffic Forwarding Requirements section.

To restrict web access to the Zscaler service only, configure your firewalls to allow outbound traffic from all clients to the service.

Additionally, ensure that you define firewall policies that do not allow traffic to bypass the service and go directly to the Internet, unless it’s explicitly allowed. To deter users with admin rights from installing non-standard browsers to circumvent the Zscaler service, you can use firewall rules to force users to browse through the Zscaler service only.

Related Articles
Writing a PAC FileBest Practices for Writing PAC FilesFirewall Requirements for Using PAC FilesUsing Default PAC Files to Forward Traffic to ZIAUsing Custom PAC Files to Forward Traffic to ZIAForwarding Traffic Based on User's Location Using PAC FilesLoad Balancing for PAC Forwarded TrafficDistributing a PAC File URL to UsersConfiguring Internet Explorer to Use a PAC FileConfiguring Google Chrome to Use a PAC FileConfiguring Mozilla Firefox to Use a PAC FileConfiguring Safari to Use a PAC FileIdentifying the PAC File on a Device Using Browsers