Zscaler. How to enable SSL scanning. on your school s. Zscaler web filter

Similar documents
Using a custom certificate for SSL inspection

SecureAnywhereTM Web Security Service

HRC Advanced Citrix Troubleshooting Guide. Remove all Citrix Instances from the Registry

Secure Traffic Inspection

Using Internet or Windows Explorer to Upload Your Site

Portal Instructions for Mac

SSL Intercept Mode. Certificate Installation Guide. Revision Warning and Disclaimer

Secure Web Appliance. SSL Intercept

QUICK INSTALLATION GUIDE ACTIVATE

How To Set Up The Barclaycard Epdq Cardholder Payment Interface (Cpi) On Papercut (Barclay Card) On A Microsoft Card (For A Credit Card) With A Creditcard (For An Account)

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

DreamFactory on Microsoft SQL Azure

isupplier PORTAL ACCESS SYSTEM REQUIREMENTS

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Investment Management System. Connectivity Guide. IMS Connectivity Guide Page 1 of 11

How can I protect against the loss of my ID if my device is lost or stolen?

MY HELPDESK - END-USER CONSOLE...

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Wavecrest Certificate

SECURE Web Gateway. HTTPS/SSL Technical FAQ. Version 1.1. Date 04/10/12

Introduction to the AirWatch Browser Guide

Citrix Receiver for Mobile Devices Troubleshooting Guide

Setup Corporate (Microsoft Exchange) . This tutorial will walk you through the steps of setting up your corporate account.

HTTPS Inspection with Cisco CWS

How to generate an APNs Certificate to use the Apple MDM protocol via the portal

Administering Jive Mobile Apps

USG40HE Content Filter Customization

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

Filter Avoidance and Anonymous Proxy Guard

Websense Content Gateway HTTPS Configuration

NEFSIS DEDICATED SERVER

SUMMARY. e-soft s.r.l.

Tenrox. Single Sign-On (SSO) Setup Guide. January, Tenrox. All rights reserved.

Coillte IT has recently upgraded the Remote Access Solution to a new platform.

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

WildFire Reporting. WildFire Administrator s Guide 55. Copyright Palo Alto Networks

ONLINE ACCOUNTABILITY FOR EVERY DEVICE. Quick Reference Guide V1.0

Configuring PA Firewalls for a Layer 3 Deployment

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Microsoft Office 365 Using SAML Integration Guide

How to Configure Captive Portal

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

ez Agent Administrator s Guide

RBackup Server Installation and Setup Instructions and Worksheet. Read and comply with Installation Prerequisites (In this document)

User-ID Configuration

A Guide to New Features in Propalms OneGate 4.0

SSL SSL VPN

Configuring ADFS 3.0 to Communicate with WhosOnLocation SAML

Contents First Time Setup... 2 Setting up the Legal Vault Client (KiteDrive)... 3 Setting up the KiteDrive Outlook Plugin Using the Legal Vault

Websense Web Security Gateway: What to do when a Web site does not load as expected

Adobe Marketing Cloud Bloodhound for Mac 3.0

Internet Explorer Security Settings. Help Sheet. Client Services. Version 4 Definitive 21 July 2009

Preventing credit card numbers from escaping your network

Phone: Fax: Box: 230

Step-by-Step guide for SSO from MS Sharepoint 2010 to SAP EP 7.0x

Initial Access and Basic IPv4 Internet Configuration

Web Application Firewall

MaaS360 Mobile Enterprise Gateway

Chapter 7 Managing Users, Authentication, and Certificates

ClicktoFax Service Usage Manual

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

NetSpective Global Proxy Configuration Guide

MaaS360 Mobile Enterprise Gateway

Using the FDO Remote Access Portal

User Guide. Cloud Gateway Software Device

Integrating ConnectWise Service Desk Ticketing with the Cisco OnPlus Portal

CLEARSWIFT SECURE Web Gateway HTTPS/SSL decryption

Configuration Guide. BES12 Cloud

Remote Access Services Microsoft Windows - Installation Guide

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Installation Procedure SSL Certificates in IIS 7

Configuring Global Protect SSL VPN with a user-defined port

READYNAS INSTANT STORAGE. Quick Installation Guide

Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience

OneLogin Integration User Guide

Owner of the content within this article is Written by Marc Grote

Configuring. Moodle. Chapter 82

K7 Business Lite User Manual

IQSweb Reference G. ROSS Migration/Registration

Cloud Services MDM. Control Panel Provisioning Guide

User's Guide. Product Version: Publication Date: 7/25/2011

XCM Internet Explorer Settings

UNIFIED COMMUNICATIONS POST-MIGRATION INSTRUCTIONS

FileCloud Security FAQ

F-Secure Messaging Security Gateway. Deployment Guide

Sophos Mobile Control SaaS startup guide. Product version: 6

Infor Xtreme Browser References

Managing Qualys Scanners

SyncThru TM Web Admin Service Administrator Manual

Administering Jive for Outlook

About the Canon Mobile Scanning MEAP Application

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

MC3WAVES Wireless Connection Wizard

Multi-Factor Authentication Reference Guide

Time Warner Cable Business Class IP VPN & Managed IP VPN User Guide

Mobile: Getting Started with Workday for ipad

Workspot Configuration Guide for the Cisco Adaptive Security Appliance

Transcription:

Zscaler How to enable SSL scanning on your school s Zscaler web filter August 2012

How to enable SSL scanning on your schools Zscaler web filter: Background Information: If SSL scanning is not enabled the traffic that occurs using SSL cannot be attributed to a specific user and will show on your reports as the generic school traffic. Also the more granular controls cannot be applied and traffic can only be allowed or blocked. How does SSL scanning work? Zscaler SSL scanning works by configuring the Zscaler to be an intermediary of the secure transaction. Instead of having a single end to end secure transaction as is usual with https connections, the Zscaler terminates the connection from the website, inspecting the content of the packet for compliance with the web filtering policy and then Zscaler establishes a new SSL tunnel to the user s computer using the Zscaler certificate. Legitimate SSL sites such as banking can be excluded from this Zscaler process and it is explained later in this document how to achieve this. How to configure SSL Scanning for your School -Installing the Zscaler digital certificate 1) You need to distribute the Zscaler SHA1 digital certificate to all devices on your network. For Windows networks this can be achieved very quickly using Group Policy. The SHA1 certificate can be obtained from the link below. The certificate should be installed in the Trusted Root Certification Authorities container. 2) If you are using ios(apple) based devices you will need to use whatever management software you have in place. If you do not have management software in place users can be instructed to go to the following URL to download the certificate for installation. http://www.ceomelb.catholic.edu.au/publications-policies/zscaler/ -Configuring Zscaler to scan SSL (HTTPS) transaction 1) Login to the Zscaler Admin Portal URL: UN: PW: https://admin.zscalerone.net siteadmin@your_school_domain_name xxxx catholic education commission of victoria ltd Page 2 of 6

3) Browse to the Administration tab and then select Internet Gateways & SSL from the menu on the left. 4) Once you are on this page select Edit and then select the pencil next to your sites gateway location as shown below; catholic education commission of victoria ltd Page 3 of 6

5) On the Internet Gateway Location configuration page, select the option to Enable SSL Scanning and then select Done. 6) This should then take you back to the main Internet Gateway & SSL configuration page. On this page change the Notification style for blocked unscanned SSL transactions to Show notification page. Then about two thirds of the way down the page is an option to enable SSL scanning based on the SHA1 algorithm. Make sure both settings are configured as shown below. catholic education commission of victoria ltd Page 4 of 6

7) Now select Save in the top right hand corner of the web page. After you have selected Save you should be prompted for an option to Activate Now, select this. 8) The setting changes are now complete. Ensure that the page is showing all three changes correctly set as shown below; Common troubleshooting and configuration changes post SSL Scanning implementation 1) Users are getting a certificate error when visiting a https web page. -Ensure the user has the correct digital certificate installed on their device -Ensure the certificate is installed in the Trusted Root certificate authorities container on windows based devices. -Verify that the site has a valid SSL certificate and the correct URL is used. 2) Why does traffic still show as the site ie Exxxx_School_Name in my reports? -This is traffic that is generated from apps or browser widgets that do not use a cookie to access the internet. For example the Facebook application installed on a ipad. 3) Disable scanning on categories of sites that you trust and are of a personal nature ie Online Banking websites. catholic education commission of victoria ltd Page 5 of 6

-Make the configuration changes shown below to the relevant categories. In this example we have made the finance category exempt from SSL scanning. This means when a user connects to their online banking website, this is a direct SSL connection between the users device and the banks server. Zscaler does not intercept/decrypt this traffic and consequently does not assign it to a user. catholic education commission of victoria ltd Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information