Jamfg Firewall management to allow Zscaler processes

Question

I am setting up Zscaler for my Org and this requires adding several processes to the MacOS native firewall. We are hoping to use Jamf for this however we seem to be limited by Zscaler not knowing the bundle ID of their products as well as the format not meshing well with the Jamf Firewall allowlist. Has anyone configured this in the past?

I'm looking to allow the following: (from https://help.zscaler.com/client-connector/zscaler-client-connector-processes-allowlist)

Zscaler: Inbound
Zscaler: Outbound
ZscalerService: Inbound
ZscalerService: Outbound
ZscalerTunnel: Inbound
ZscalerTunnel: Outbound
ZscalerUpdater: Outbound
UPMServiceController: Inbound
UPMServiceController: Outbound
/Applications/Zscaler/.Updater/autoupdate-osx.app/Contents/MacOS/ZscalerUpdater: Inbound
/Applications/Zscaler/.Updater/autoupdate-osx.app/Contents/MacOS/ZscalerUpdater: Outbound
/Library/Application Support/Zscaler/ZDP/bin/zdpd: Outbound
/Library/Application Support/Zscaler/ZDP: Inbound
/Library/Application Support/Zscaler/ZDP: Outbound

Page 1 / 1

Are you actually using Jamf to manage your firewall? I recommend looking in to using Zscalers packet filter. MDM is really not the right tool to manage the OS firewall and only the most basic functionality is built in to the MDM Framework, most of the firewall tools are in the Security Framework.

@Jschribs @AJPinto How are you bypassing these processes on macOS native FW?

AJPinto · Answer

Are you actually using Jamf to manage your firewall? I recommend looking in to using Zscalers packet filter. MDM is really not the right tool to manage the OS firewall and only the most basic functionality is built in to the MDM Framework, most of the firewall tools are in the Security Framework.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded