How can forward lookup for Google and Facebook be set up in Zscaler, with the rest handled by the company's local DNS?
What IP does Zscaler use?
Visit ip.zscaler.com on the user’s device to see whether the user’s traffic is directed to the Zscaler service. The My IP Address tab shows information about the Zscaler cloud to which the device is sending traffic, as well as links to other connectivity-checking tools.
How do I find my Zscaler IP?
To locate the Virtual IP (VIP) addresses of Zscaler software on your machine, go to config.zscaler.com/<Zscaler Cloud Name>/cenr.
- URL filtering in Zscaler is a way of “blocking” certain URLs from loading on a company network. If an employee attempts to visit such a URL, either by entering it manually or by clicking a link in a search engine, they are redirected to a page notifying them that the content is blocked.
- If you have a URL Filtering policy rule that prohibits www.youtube.com but a Cloud App Control policy rule that permits access to YouTube, the user will still be able to access YouTube. This is because if a Cloud App Control policy rule permits the transaction, the service does not automatically apply the URL Filtering policy.
How do DNS inclusion and exclusion work? An overview
- In Zscaler, a cloud-based security platform, DNS inclusion and exclusion are important because they allow administrators to control which domain names are accessible to users and which are blocked.
- By including certain domain names in the Zscaler platform, administrators can ensure that users can access specific websites or services that are deemed safe and necessary for their work. On the other hand, by excluding certain domain names, administrators can block access to websites or services that are known to be malicious or that are not needed for their work.
- DNS inclusion and exclusion can also be used to enforce compliance with organizational policies. For example, an organization might have a policy that prohibits access to social media sites, and can use DNS exclusion to block access to those sites for all users. Overall, the Zscaler DNS inclusion and exclusion feature is a powerful tool that allows administrators to control access to the Internet and enforce security and compliance policies, while providing a better user experience by allowing users to access the content they need.
The following example makes this easier to understand.
When a user makes a request for a website, the Zscaler Client Connector first checks if the domain name is on the inclusion or exclusion list.
- If the domain is on the inclusion list, then Zscaler will handle the request, and allow the user to access the website.
- If the domain is on the exclusion list, then Zscaler will block access to the website.
Additionally, the process also checks subdomains of a domain. For example, if the domain “youtube.com” is on the inclusion list, then requests for “abc.youtube.com” or “xyz.youtube.com” will also be allowed.
If the domain is on the exclusion list, Zscaler makes a further decision by checking the Z-Tunnel 2.0 IP Destination Inclusion/Exclusion lists. It takes the IP address that the domain resolves to and checks whether that IP address is on the inclusion or exclusion list. If it is on the inclusion list, the request is allowed; otherwise it is blocked. This step covers scenarios in which the domain is not directly included or excluded in the domain inclusion or exclusion list: the decision to allow or block the request is then made based on the IP address that the domain resolves to, providing an additional layer of security.
In summary, the Zscaler Client Connector checks the domain inclusion and exclusion lists and decides to allow or block a request based on them. If the domain is neither included nor excluded, it also checks the IP address to make the decision.
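The flow summarized above, modelled as an added example that is not code from the original page or from Zscaler. The policy contents, the dictionary keys and the `decide` function are hypothetical, and the label-boundary rule for subdomain matching is an assumption; the ordering follows the summary (domain lists first, IP lists only when the domain is on neither).

```python
import ipaddress

# Constructed sample policy; every entry is illustrative, not a real Zscaler setting.
POLICY = {
    "domain_include": ["youtube.com"],
    "domain_exclude": ["social.example"],
    "ip_include": ["203.0.113.0/24"],
    "ip_exclude": ["198.51.100.0/24"],
}

def domain_matches(host, entries):
    """True if host equals an entry or is a subdomain of it.

    Matching on a label boundary (assumed here) keeps 'notyoutube.com'
    from matching the entry 'youtube.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == e.lower() or host.endswith("." + e.lower()) for e in entries)

def ip_matches(ip, networks):
    """True if ip falls inside any listed network (CIDR notation)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def decide(host, resolved_ip, policy=POLICY):
    """Return (verdict, reason) following the flow summarized on this page."""
    if domain_matches(host, policy["domain_include"]):
        return ("allow", "domain inclusion list")
    if domain_matches(host, policy["domain_exclude"]):
        return ("block", "domain exclusion list")
    # Domain is on neither list: decide on the IP it resolves to.
    if ip_matches(resolved_ip, policy["ip_include"]):
        return ("allow", "IP inclusion list")
    if ip_matches(resolved_ip, policy["ip_exclude"]):
        return ("block", "IP exclusion list")
    return ("block", "IP not on inclusion list")

if __name__ == "__main__":
    for host, ip in [("abc.youtube.com", "192.0.2.10"),
                     ("notyoutube.com", "192.0.2.10"),
                     ("chat.social.example", "203.0.113.5"),
                     ("intranet.example", "203.0.113.5"),
                     ("files.example", "198.51.100.7")]:
        print(host, ip, decide(host, ip))
```

Returning the reason alongside the verdict makes it easy to audit which list produced a given decision when reviewing policy changes.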
Source: https://quicksoftwarereview.com