Components
- Zero Trust Exchange (ZTE)
- Zscaler Internet Access (ZIA)
- Zscaler Private Access (ZPA)
- Zscaler Digital Experience (ZDX)
- Mobile Admin portal
- Zscaler Posture Control (ZPC)
- Deception
Zscaler client connector (ZCC)
- on endpoint: Windows, Mac, Linux, iOS, Android
- install files hosted on AWS
- refresh intervals
  - network change: app profile, forwarding profile, PAC and policy
  - 15 mins: PAC
  - 1h: policy update, app profile, forwarding profile
  - 2h: software update
- uninstall, disable and logout are protected by OTP per device
- device posture
  - certificate trust
  - file
  - registry key
  - client certificate
  - firewall active
  - AV/EDR
  - BitLocker
  - part of AD
  - process
  - OS version
  - jailbroken
- detects correct IdP based on user domain
- up to 16 devices per user
- trusted network detection
  - FQDN resolved to specific IP
  - DNS server
  - DNS search domain
  - VPN trusted network ≡ trusted network + NIC containing “VPN”
- logs
  - Mac: /Library/Application Support/Zscaler
  - Windows: ProgramData/Zscaler, AppData/Zscaler
Nanolog
- logs transaction metadata
- differential: only delta is logged + number of occurrences
- tokenized: ID only (mapping on SMCA)
- compression – 50:1
- cluster: N+2
- retention
  - ZIA: 6 months
    - 1h restream is possible (if NSS goes down)
  - ZPA: 2 weeks
    - 15 mins restream, not guaranteed
  - ZDX: 2 days (standard license) / 14 days (advanced license)
- ZIA: 6 months
- in-memory 1h buffering
- syslog: connect to server via app connector