About Applications

An application is a fully qualified domain name (FQDN), local domain name, or IP address, which you define on a standard set of ports. Applications must be defined within an application segment.

To enable application discovery, you can define an application as an FQDN in wildcard format or as an IP subnet.

An application segment is a grouping of defined applications, based upon access type or user privileges. So, ZPA features such as double encryption, health check and reporting, etc. are configured per application segment.

Add Application Segment window within the ZPA Admin Portal

Read about the following key configuration options available for your applications before configuring an application segment within ZPA:

About the Application Segments Page

On the Application Segments page, you can do the following:

  1. View and add DNS search domains
  2. Add an application segment
  3. View a list of all application segments that were configured for your organization. For each application segment, you can see the following:
    • Name: The name of the application segment. When expanded, the following information is displayed depending on the applications defined:
      • Segment Group: The segment group that the application segment is a member of
      • Server Groups: The server groups that the applications are hosted on
      • TCP Port Ranges: The TCP port ranges being used to access applications
      • UDP Port Ranges: The UDP port ranges being used to access applications
      • Double Encryption: Indicates whether Double Encryption is enabled or disabled for all applications. By default, if a Browser Access enabled application was defined, Double Encryption is disabled.
      • Bypass: Indicates whether users can bypass ZPA to access applications
      • Certificate: The Browser Access (web server) certificate associated to a Browser Access enabled application
      • Protocol: The protocol (HTTP or HTTPS) used when a request is made to access a Browser Access enabled application
      • Server Port: The web server port number used when a request is made to access a Browser Access enabled application
      • Use Untrusted Certificates: Indicates whether Use Untrusted Certificates is enabled or disabled for a Browser Access enabled application.
      • Canonical Name (CNAME): The canonical name associated to a Browser Access enabled application. You can click the Copy icon to copy the CNAME record to your clipboard.
    • Applications: A list of all defined applications within the application segment. A Browser Access enabled application is denoted by a  Browser Access Icon  icon.
    • Status: Indicates that the application segment is enabled or disabled
    • Health Reporting: Indicates whether health reporting for the application is Continuous or On Access. To learn more, see About Health Reporting.
    • Health Check: Indicates that help checking for the application is enabled or disabled. To learn more, see About Health Check.

Expanding a row provides additional information regarding the defined applications within the application segment (i.e., Segment Group, Server Groups, TCP/UDP Port Ranges, etc.).

  1. Search for an application segment
  2. Edit an existing application segment
  3. Delete an application segment
  4. Expand all of the rows in the table to see more information about each application segment
  5. Go to the Browser Access page, to manage applications where Browser Access is enabled
  6. Go to the Segment Groups page, to add a new segment group or manage existing groups

Application Segments page within the ZPA Admin Portal