Posted on 10-08-2014 10:39 AM
Is anyone using Zscaler in their environment. We are getting ready to deploy it at my company this week.
http://www.zscaler.com/
Posted on 05-12-2015 08:09 AM
Hi! Are you available to discuss how your rollout went? We are in the process of deploying Zscaler with casper and haven't had the best experience thus far. Any insight would be appreciated!
Thanks
Posted on 05-12-2015 09:22 AM
The biggest challenge we had was reconfiguring firefox to use the certificates. I created a configuration profile that pushed out the necessary system certificates to the users keychains. We initially had an issue with Safari not being able to authenticate to zscaler but that issue has since been resolved. Do you guys have SSO setup in your shop? Our MAC's are binded to Active Directory so it uses domain username and password.
Posted on 02-07-2017 02:12 PM
We are just getting around to this on our shop. How did you guys deploy the Zscaler App?
Posted on 05-10-2017 11:11 AM
We are about to roll it out also. Any tips would be appreciated.
Posted on 05-11-2017 06:01 PM
I'm keen to see who others have approached the use of SSO for proxy related authentication.
@asegura @osc-russell @wmateo - it would be great to hear about your journey's specifically with this implementation and what you have learnt, and what you might do different given another go.
Posted on 05-11-2017 06:07 PM
I'll start the ball rolling:
- How did you set proxy configuration?
- Through Network Locations or a proxy configuration policy?
- Do you support SSO? Are you using Kerberos?
- What supporting tooling do you use / have you used to help support SSO? Nomad etc.
- What configuration elements might have caused you issue and what did you do to resolve?
Thanks for your input.
Posted on 09-01-2017 12:52 AM
Zscaler has a pretty good integration with okta. User provisioning is done via SAML token. Once user is authenticated into SSO provider, the SAML token is granted and user can browse the internet. There are couple implementation scenarios with bringing web traffic to ZScaler Cloud. One method is pointing the web browser directly to ZScsler cloud (need to work with PAC file for the browser of choice) another is with creating an IPSec tunnel from on-prem customer owned firewalls to zscaler cloud.
For mobile devices need to use zscaler mobile app, which was recently updated.
ZScaler will have a user forum up (no need to be a customer) in a few weeks: community.zscaler.com
There is also a resource page https://www.okta.com/zscaler
Posted on 10-08-2017 11:42 PM
Are anyone of you actively using the Zscaler app?
I am testing it on my Mac at the moment, but I am seeing issues with websites not loading in Safari.
Sometimes several refreshes will get the page loading, other times not.
Has anyone of you done any specific configurations to make it work properly?
Any tips are highly appreciated.
Posted on 11-10-2017 08:51 AM
I am testing the zscaler install with a script but the zscaler app window keeps coming up blank.
Going off this link: https://help.zscaler.com/zia/customizing-zscaler-app-install-options-mac
When I run the plain installer, I get the attached blank window. When I make a script like the link shows, I still get the blank window. My traffic does not show up in the admin console.
I removed it and reinstalled to the same issue, even reimaged the Mac back to factory fresh and still get the error.
Any suggestions?
Posted on 03-12-2018 06:13 PM
anyone did kerberos implementation with zscaler ?
Posted on 03-01-2019 03:28 PM
The main question is how to push ZScaler root CA so it could be used by ZScaler app for ssl-decryption.
As long as the authentication method is SSO with Okta, there should be no issues with forwarding the traffic from IOS-devices to ZScaler.
Posted on 03-05-2019 05:50 AM
How's everyone repackaging this? I was given a zip with the installer.app and a command to run the installbuilder.sh ... which is supposed to add the registrations/company info etc. Tried a few times and it doesn't appear to be working.
Posted on 03-08-2019 01:31 PM
@avshch add on the challenge of installing that root CA into FireFox since it does not use the root CA list in Keychain. I don't know this one and we are manually touching it.
Posted on 03-08-2019 02:12 PM
@swhps since version 64 of FF you can now enable via policies:
Mozilla Policy Templates for Firefox
Specifically this key:
<key>Certificates</key>
<dict>
<key>ImportEnterpriseRoots</key>
<true/>
</dict>