Approach to migrate from bluecoat to ZIA

Hey folks ,

I am working for one of my client to implement ZIA service . Currently they are using bluecoat proxy for internet access. The dump file from blue coat proxy contains nearly around 15k line of code and this is really messy to sort and migrate rule to zscaler. Can anyone with in community advice any best practice to migrate these existing rules from bluecoat to zscaler.

The client is not ready to start from some baseline as suggested by zscaler . He wants to use existing rules in bluecoat as baseline and than want to modify them if needed .

Any help advice is much appreciated.


Hey there — I actually run a pretty heavy Blue Coat shop right now - tell your client you need to separate the Blue Coat core rule set into specific layers ---- tackle Authentication — get users connected —we are doing this with our proxy admins as the first users ---- from there you build the base categories - Policy layer-- for a top level url policy map — use AD security groups for elevated access to unique categories as variants off of the base general users map — set your SSL bypasses in the custom list - but only add them if you actually have too - multiple required SSL bypasses to make blueCoat and WSS work are not required in Zscaler ---- once that is handled ---- your next task list is Cloud SaaS apps and criteria or quota policies — test heavily ----- than tackle Browser control policies ----- from there the custome should be so comfortable with Zscaler any other policies or rules will gfall in place

Hello Kaija , thank you very for your valuable input this will definitely help me alot

One more thing I would like are to check specifically on the best practice for ssl with your inputs. How to address this in Zscaler . As in bluecoat i have SSL inspections bypasses rules based on source /destination IP/ Destination url and domains as well. We had planned to use GRE traffic forwarding to Zscaler cloud. Thanks