Automatic pull of Zscaler IPs

Hi all

We are using Cisco Firepower Management Center to manage our firewalls

We have a rule set up for all the branches which allows access to all the Zscaler IPs (Config | Zscaler) on the usual ports (80,443,8080 etc etc)

Whenever Zscaler add a new datacentre I have to manually update the object on our management

It’s not the biggest task in the world but we already have a python script set up to update the list of Office 365 IPs automatically (based on https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) and im wondering if anyone has managed to anything similar with Zscaler?

Ideally I need a plain text list of IPS or a way to format the CENR list into plain text so I can use it in a script - I asked support but they didn’t seem to understand my request

Thanks in advance

Hello Ben,
You can use JSON feed for that. Example of the output: https://api.config.zscaler.com/zscaler.net/cenr/json
Replace zscaler.net with your colud. For example, if your instance on Zscalerthree:
https://api.config.zscaler.com/zscalerthree.net/cenr/json

1 Like

Spot on, thanks, will test - should work the same as our O365 script. Didn’t know this was available!