- Secure Internet and SaaS Access (ZIA) Help
- Troubleshooting
- Policy Reasons
Secure Internet and SaaS Access (ZIA)
Policy Reasons
This article provides an explanation of the policy actions that are seen in Insights and NSS reports.
Policy Reason
1
Feature
Description
Access denied due to bad server certificate
SSL
The transaction to an SSL site was blocked due to server certificate validation failure or OCSP revocation check failure.
Access denied due to Domain Fronting
Core Proxy
The transaction that indicates domain fronting due to an FQDN mismatch between:
- The request URL and the request's host header
- The SNI (Server Name Indication) and the inner request's host header
Access denied due to low TLS version
SSL
The inspected or uninspected SSL traffic was blocked due to a minimum TLS version enforcement in Policy > SSL Inspection.
Allow due to insufficient app data
Firewall Filtering
Packets were allowed as the deep packet inspection (DPI) was trying to determine the network application, but the DPI session terminated unexpectedly before any configured policy could be matched.
Allowed
N/A
The transaction was allowed.
Allowed - No Active Content
Sandbox
The file was allowed for download. It was found to be benign and have no active content based on the inline Sandbox static analysis.
Allowed and archived to mailbox
DLP
The transaction violated a DLP policy rule, but it was allowed. An email was sent to the auditor's mailbox.
Allowed and archived to mailbox failed
DLP
The transaction violated a DLP policy rule, but it was allowed. Failed to send an email to the auditor's mailbox.
Allowed and No Scan
Sandbox
The file was allowed for download because a Sandbox policy had the First Time Action of Allow and Do Not Scan.
Allowed due to override
URL Filtering
The transaction was blocked initially but was allowed after the override password was entered.
Blocked - Tenant Restricted
Tenancy Restriction
The transaction was blocked by the a Tenant Restriction policy.
Blocked by Default URL Filtering
URL Filtering
The transaction was blocked by the default URL Filtering policy.
Blocked due to Bad SSL record
SSL
The SSL connection was blocked due to the forwarding of non-SSL traffic to HTTPS port.
Blocked due to invalid server IP
Web Insights Logs
The DNS server resolved an origin server as an invalid IP address.
Blocked due to Rate-based HTTP/HTTP2 Command and Control traffic detection
Advanced Threat Protection
The transaction was blocked by IPS as rate-based botnet command and control traffic was detected in the response.
Blocked due to Server Probe Failure
SSL
Block Undecryptable Traffic in Policy > SSL Inspection is enabled and the Zscaler service was unable to make a server-side connection (TCP or SSL).
Bypassed due to missing config
Firewall Filtering
This implicit rule action is logged when the ZIA Service Edge fails to establish a connection with the Zscaler Central Authority (CA), resulting in the traffic flow passing through Zscaler Firewall or DNS without policy application. This might occur when traffic flow from a specific user or location arrives at the Service Edge for the first time and a connection to the CA is required to apply policies.
Cautioned the use of this Social Network/Blogging site
Cloud App Control
Due to a Cloud App Control policy restricting access to Social Networking cloud apps, the transaction was cautioned.
Cautioned to post message to this site
Cloud App Control
Due to a Cloud App Control policy that restricts the user from posting content to Social Networking cloud apps, the transaction was cautioned.
Cautioned to upload media files to this site
Cloud App Control
Due to a Cloud App Control policy that restricts the user from uploading a file to Streaming Media or File Sharing cloud apps, the transaction was cautioned.
Cautioned to use this File Share site
Cloud App Control
Due to a Cloud App Control policy that restricts access to File Sharing cloud apps, the transaction was cautioned.
Cautioned to use this Webmail site
Cloud App Control
Due to a Cloud App Control policy that restricts access to Webmail cloud apps, the transaction was cautioned.
Communication with ad sites
Mobile Malware Protection
The transaction was generated by an application that communicates with ad sites and was blocked by Mobile Malware Protection policy.
Communication with unknown servers
Mobile Malware Protection
The transaction was generated by an application which communicates with unknown third party servers and was blocked by Mobile Malware Protection policy.
Country block outbound request: not allowed to access sites in this country
Advanced Threat Protection
Access request to a country was blocked due to an Advanced Threat Protection Suspicious Countries policy.
Custom reputation block outbound request malicious URL
Advanced Threat Protection
The destination in the request is part of your Blocked Malicious URLs list and the transaction was blocked.
DNAT with redirect to FQDN failed
Firewall Filtering
The transaction was blocked due to an unreachable FQDN in a NAT Control rule.
Dropped due to failed client SSL handshake
SSL
The transaction was dropped due to a failure in client SSL handshake. To learn more, see Client SSL Handshake Failure Reason.
Dropped due to internal error
Firewall Filtering
This implicit rule action is logged when the Firewall has received the user-side traffic but it fails to establish the internet-side connection, resulting in the traffic flow being dropped. This might occur when the Service Edge infrastructure is momentarily overused.
Fake Proxy Authentication
N/A
Used if the server sends a 407 response code (Proxy-Authenticate) for remote users. This is done as the server is asking the service to disclose authentication information.
File Attachment not allowed
Cloud App Control
An attempt to attach a file to an email on a webmail application was blocked due to a Cloud App Control policy.
Filetype download cautioned
File Type Control
The file download was cautioned due to a File Type Control policy.
Filetype upload cautioned
File Type Control
The attempt to upload the file was cautioned due to a File Type Control policy match.
Filetype upload/download cautioned
File Type Control
The attempt to upload or download a file was cautioned due to a File Type Control policy match.
FTP access is blocked by a firewall policy
Firewall Filtering
Access to an FTP Network Service or Network Application was blocked due to a Firewall Filtering rule.
Information identifying the device
Mobile Malware Protection
The transaction was generated by an application which shares device information and was blocked by Mobile Malware Protection policies.
Insecure user credentials
Mobile Malware Protection
The transaction was generated by an application which transmits user credentials in clear text and was blocked by Mobile Malware Protection policies.
Internet access cautioned
URL Filtering
The transaction was cautioned due to a URL Filtering policy.
IPS block inbound response: adware/spyware traffic
Advanced Threat Protection
Adware or spyware traffic was detected in the response and blocked by IPS.
IPS block inbound response: anonymization site
Advanced Threat Protection
Access to anonymization sites was blocked in the response by IPS.
IPS block inbound response: botnet command and control traffic
Advanced Threat Protection
Botnet command and control traffic was detected in the response and blocked by IPS.
IPS block inbound response: malicious content
Advanced Threat Protection
Malicious content was detected in the response and blocked by IPS.
IPS block inbound response: page contains known browser exploits
Advanced Threat Protection
Known browser exploits were detected and the access attempt was blocked by IPS.
IPS block inbound response: page contains known dangerous ActiveX controls
Advanced Threat Protection
Known dangerous ActiveX controls were detected in the response and blocked by IPS.
IPS block inbound response: phishing content
Advanced Threat Protection
Potential phishing content was detected in the response and blocked by IPS.
IPS block inbound response: webspam traffic
Advanced Threat Protection
Web spam traffic was detected in the request and blocked by IPS.
IPS block inbound response. IRC use/tunneling
Advanced Threat Protection
IRC use or tunneling was detected in the request and blocked by IPS.
IPS block inbound: file contains known vulnerabilities.
Advanced Threat Protection
The attempt to download a file was blocked by IPS because it was found to have known vulnerabilities.
IPS block outbound request: adware/spyware traffic
Advanced Threat Protection
Adware or spyware traffic was detected in the request and blocked by IPS.
IPS block outbound request: botnet command and control traffic
Advanced Threat Protection
Botnet command and control traffic was detected in the request and blocked by IPS.
IPS block outbound request: browser cookie theft
Advanced Threat Protection
The request to the site was blocked because the site was detected to potentially steal browser cookies by IPS.
IPS block outbound request: cross-site scripting (XSS) attack
Advanced Threat Protection
The site was detected to be vulnerable to XSS attacks and the request was blocked by IPS.
IPS block outbound request: IRC use/tunneling
Advanced Threat Protection
IRC use or tunneling was detected in the request and blocked by IPS.
IPS block outbound request: page contains known browser exploits
Advanced Threat Protection
Known browser exploits were detected and the transaction was blocked by IPS.
IPS block: SSH use/tunneling
Advanced Threat Protection
SSH use or tunneling was detected and blocked by IPS.
IPS or Reputation block: Crypto Mining traffic
Advanced Threat Protection
Cryptomining traffic was detected and blocked by IPS.
Known security vulnerabilities
Mobile Malware Protection
The transaction was generated by an application which has known security vulnerabilities and was blocked by Mobile Malware Protection policies.
Location information leak
Mobile Malware Protection
The transaction was generated by an application which shares location information and was blocked by Mobile Malware Protection policies.
Malicious behavior
Mobile Malware Protection
The transaction was generated by an application which is known to be malware and was blocked by Mobile Malware Protection policies.
Malware block: malicious file
Malware Protection
The download attempt of malicious content or files was blocked due to a signature match by the inline antivirus engine.
Not allowed during this time of day
Cloud App Control, File Type Control, URL Filtering
The transaction was blocked by a policy which restricts access to internet resources based on time of the day.
Not allowed the use of this business site
Cloud App Control
Due to a Cloud App Control policy that restricts access to business cloud apps, the transaction was cautioned.
Not allowed the use of this Consumer site
Cloud App Control
Due to a Cloud App Control policy that restricts access to Consumer cloud apps, the transaction was blocked.
Not allowed the use of this enterprise site
Cloud App Control
Due to a Cloud App Control policy that restricts access to enterprise cloud apps, the transaction was blocked.
Not allowed the use of this Hosting Providers site
Cloud App Control
Due to a Cloud App Control policy that restricts access to hosting cloud apps, the transaction was blocked.
Not allowed the use of this IT Services site
Cloud App Control
Due to a Cloud App Control policy that restricts access to IT services cloud apps, the transaction was blocked.
Not allowed the use of this Mobile App Store
Mobile App Store Control
Access to the mobile application store was denied due to Mobile App Store Control policy.
Not allowed the use of this sales and marketing site
Cloud App Control
Due to a Cloud App Control policy that restricts access to Marketing cloud apps, the transaction was blocked.
Not allowed the use of this site with personal credentials
Cloud App Control
The transaction was blocked due to Google Apps and Microsoft Login Services tenant restrictions in the respective Cloud App Control Policy rule.
Not allowed the use of this Social Network/Blogging site
Cloud App Control
Due to a Cloud App Control policy that restricts access to Social Networking cloud apps, the transaction was blocked.
Not allowed the use of this system and development site
Cloud App Control
Due to a Cloud App Control policy that restricts access to System and Development cloud apps, the transaction was blocked.
Not allowed to access internet
Locations
Access to the internet, including non-HTTP traffic, was blocked because the user has not accepted the Acceptable Use Policy. This option is set in Locations > Enable AUP > Block Internet Access.
Not allowed to access this file type
File Type Control
The file was blocked due to a File Type Control policy being triggered.
Not allowed to access to FTP sites
FTP Control
The transaction was blocked as the user does not have Allow FTP over HTTP enabled in FTP Control.
Not allowed to browse this category
URL Filtering
The transaction triggered a URL Filtering policy which has a Block action.
Not allowed to browse this category, needs override
URL Filtering
The transaction triggered a URL Filtering policy which has a Block action and provides an override option.
Not allowed to browse this P2P site
Advanced Threat Protection
Access to a known peer-to-peer site was blocked.
Not allowed to browse with unknown user agent
Advanced Threat Protection
An unknown user agent was detected and the transaction was blocked.
Not allowed to establish SSL connection due to policy
SSL
The traffic was blocked due to an SSL inspection policy which has a Block action.
Not allowed to post message to this site
Cloud App Control
Due to a Cloud App Control policy, an attempt to post content to a Social Networking application was blocked.
Not allowed to send webmail
Cloud App Control
Due to a Cloud App Control policy that restricts access to sending out emails from webmail cloud apps.
Not allowed to upload media files to this site
Cloud App Control
Due to a Cloud App Control policy that restricts access to uploading files to Streaming Media cloud apps.
Not allowed to upload media files to this site
Cloud App Control
Due to a Cloud App Control policy that restricts access to uploading files to File Sharing cloud apps, the transaction was blocked.
Not allowed to upload/download encrypted or password-protected archive files
Malware Protection
The file was blocked because it was encrypted or password protected and the policy to block Password-Protected Archive Files files was enabled under Malware Protection.
Not allowed to upload/download files of size greater than configured limit
Bandwidth Control
The user attempted to upload or download a file larger than the limit configured in your policy and the transaction was blocked.
Not allowed to upload/download files of this type
File Type Control
The attempt to upload or download a file was blocked due to a File Type Control policy.
Not allowed to upload/download media files of this type
Cloud App Control
Due to a Cloud App Control policy restricting access to Streaming Media cloud apps, the transaction was blocked.
Not allowed to upload/download media files of this type
Cloud App Control
Due to a Cloud App Control policy, an attempt to upload or download a file to or from a File Sharing cloud app was blocked.
Not allowed to upload/download unscannable file formats
Malware Protection
The file was blocked because the file format is not supported by Zscaler and the policy to block Unscannable Files was enabled in Malware Protection.
Not allowed to use FTP over HTTP for upload
FTP Control
The attempt to upload a file was blocked as the user does not have Allow FTP over HTTP enabled in FTP Control.
Not allowed to use HTTP tunnel
Core Proxy
An HTTP tunneling attempt on a non-HTTP port was detected and blocked as the organization has the option Block tunneling to non-HTTP/HTTPS ports enabled.
Not allowed to use mobile app
Mobile Malware Protection
A mobile application was blocked due to Mobile Malware Protection policy settings.
Not allowed to use this browser
Browser Control
The transaction was generated by a browser that is not allowed by Browser Blocking in Browser Control and was blocked.
Not allowed to use this File Share site
Cloud App Control
Due to a Cloud App Control policy that restricts access to File Sharing cloud apps, the transaction was blocked.
Not allowed to use this IM site
Cloud App Control
Due to a Cloud App Control policy that restricts access to instant messaging cloud apps, the transaction was blocked.
Not allowed to use this Streaming Media site
Cloud App Control
Due to a Cloud App Control policy that restricts access to streaming media cloud apps, the transaction was blocked.
Not allowed to use this Webmail site
Cloud App Control
Due to a Cloud App Control policy that restricts access to webmail cloud apps, the transaction was blocked.
PageRisk block inbound response: page is unsafe
Advanced Threat Protection
The transaction was blocked because the content score of the page exceeded the Page Risk index threshold set by the Advanced Threat Suspicious Content Protection policy.
Personally identifiable information (PII)
Mobile Malware Protection
The transaction was generated by an application which shares personally identifiable information and was blocked by Mobile Malware Protection policies.
Quarantined
Sandbox
An attempt to download a file was temporarily held due to a Sandbox First Time Action policy set to Quarantine.
Reputation block outbound request malicious URL
Advanced Threat Protection
The transaction was blocked because the destination in the request is known to serve malware.
Reputation block outbound request: adware/spyware site
Advanced Threat Protection
Access to a known adware or spyware site was denied based on the reputation of the destination.
Reputation block outbound request: anonymization site
Advanced Threat Protection
Access to the destination was blocked due to the destination's reputation to be an anonymizer.
Reputation block outbound request: botnet site
Advanced Threat Protection
A request was made to a known Command and Control Server and the transaction was blocked.
Reputation block outbound request: phishing site
Advanced Threat Protection
The transaction was blocked because the request was made to a known Phishing site.
Reputation block outbound request: webspam
Advanced Threat Protection
Web spam traffic was detected in the response and blocked by IPS.
Request method cautioned
URL Filtering
An attempt to post content to a webpage was cautioned by a URL Filtering policy.
Request method not allowed for this category
URL Filtering
The transaction triggered a URL Filtering policy which blocks the POST method.
Sandbox block inbound response: malicious file
Sandbox
This file was blocked because it was found to be malicious.
Secure Browsing blocked an outdated/disallowed component
Browser Control
An outdated component was detected and the transaction was blocked by the Browser Vulnerability Protection policies.
Secure Browsing warned about an outdated/disallowed component
Browser Control
An outdated component was detected and the user was warned by the Browser Vulnerability Protection policies.
Time quota exceeded daily limit
Cloud App Control, URL Filtering
The transaction was blocked due to a time quota associated with a policy.
Timed out while waiting for a config
Firewall Filtering
This implicit rule action is logged when the ZIA Service Edge has established a connection with the CA but the requested configuration does not arrive from the CA within the expected time period (typically 5 seconds). This might occur when traffic flow from a specific user or location arrives at the Service Edge for the first time and a connection to the CA is established but there is no response from the CA within the expected time frame.
Undecryptable Traffic Block
Cloud App Control
The traffic from applications that used non-standard encryption methods was blocked as the Block Undecryptable Traffic option is enabled under Policy > SSL Inspection.
Violates Compliance Category
DLP
Due to a DLP policy violation, the transaction was blocked.
Violates Compliance Category, archive to mailbox
DLP
The transaction was blocked due to a DLP policy violation. Email was sent to the auditor's mailbox.
Violates Compliance Category, archive to mailbox failed
DLP
The transaction was blocked due to a DLP policy violation. Failed to send email to the auditor's mailbox.
Volume quota exceeded daily limit
Cloud App Control, URL Filtering
The transaction was blocked due to a volume quota associated with a policy.
Web application is blocked by Firewall rule
Firewall Filtering
Access to the Network Application was blocked because it is part of a Firewall Filtering rule.
to
of
Page
of
Was this article helpful? Click an icon below to submit feedback.
Related Articles
Capturing HTTP Headers on Microsoft EdgeExecutive Insights App Errors and TroubleshootingAbout Zscaler AnalyzerUsing the Zscaler Cloud Performance Test ToolAvoiding Google Captcha and Geolocation IssuesCapturing HTTP Headers on Google ChromeCapturing HTTP Headers on Mozilla FirefoxCapturing HTTP Headers on SafariEnabling Remote AssistanceManaging the QUIC ProtocolMeasuring the Performance of the Zscaler ServicePolicy ReasonsSupporting Citrix XenApp & XenDesktop Applications