icon-zpa.svg
Secure Private Access (ZPA)

About AppProtection Applications

When creating an application segment, you can identify the web applications that require AppProtection before users can access those applications. This is done by using various levels and types of custom and predefined controls in an AppProtection profile before ZPA provides access. This provides another way to protect your applications from users that should not have access.

AppProtection application segments provide the following benefits and enable you to:

  • Identify and select applications for protection against attacks related to OWASP predefined controls and zero-day threats.
  • Configure HTTP/S ports and provide certificates for inspection of encrypted traffic.

When you define an application within an application segment and enable AppProtection for the application, Zscaler Client Connector access is automatically applied. This allows your users to request access to the application via any web browser that supports TLS 1.2 (with cipher suite ECDHE-RSA-AES128-GCM-SHA256) or via Zscaler Client Connector. ZPA supports HTTP and HTTPS protocols.

About the AppProtection Page

On the AppProtection page (Resource Management > Application Management > AppProtection), you can do the following:

  1. Expand all the rows in the table to see more information about each application.
  2. Filter the information that appears in the table. By default, no filters are applied.
  3. View a list of all applications that were specifically configured for AppProtection within an application segment. For each application, you can see:
    • Name: The name of the application. When expanded, the following information is displayed:
      • Segment Group: The segment group that the application segment is a member of.
      • Server Groups: The server groups that the application is hosted on.
      • Certificate: The certificates associated to the specified application.
    • Domain: The fully qualified domain name (FQDN) associated to the application.
    • Status: Indicates that the application segment is enabled or disabled.
    • Application Protocol: The protocol (HTTPS or HTTP) used for the application.
    • Application Port: The port number used for the application.
  4. Edit an existing application segment.
  5. Delete an application.
  6. Go to the Application Segments page to add a new application segment or manage existing application segments.
  7. Go to the Browser Access page to manage applications where Browser Access is enabled.
  8. Go to the Privileged Remote Access page to manage applications where Privileged Remote Access is enabled.
  9. Go to the Segment Groups page to add a new segment group or manage existing groups.

AppProtection page with AppProtection applications in the ZPA Admin Portal

Related Articles
About ApplicationsConfiguring Defined Application SegmentsEditing Defined Application SegmentsAbout AI-Powered Recommendations for Application SegmentsConfiguring AI-Powered RecommendationsMerging AI-Powered RecommendationsSharing Defined Application SegmentsConfiguring AI-Powered Recommendations SettingsValidating a Client HostnameAdding DNS Search DomainsSetting Application Segment Configuration WarningsAbout AppProtection ApplicationsAbout Privileged Remote Access Applications About Application DiscoveryAbout Application AccessUnderstanding Double EncryptionUnderstanding Health ReportingDefining a Dynamically Discovered ApplicationConfiguring Bypass SettingsDisabling Access to ApplicationsUnderstanding Source IP Anchoring DirectUsing Application Segment MultimatchAbout Application Segment ImportUsing Application Segment ImportMerging Imported Application Segments