Dedicated Proxy ports


(Rajeev Srikant) #1

What are dedicated proxy ports ?
What is the purpose they are used ?
Is there any additional cost to use dedicated proxy ports ?
To achieve O365 tenant restriction is it required to have dedicated proxy ports ?


(Thomas Quinlan) #2

Hi Rajeev,

Please see here: https://help.zscaler.com/zia/about-ssl-inspection, under “HTTPS Traffic from Remote Users”.

Short answers:

  • It identifies traffic from remote users as belonging to your organisation.
  • See the link above.
  • There may be, consult with your Sales account team.
  • If there’s no other mechanisms in place for SSL traffic from remote users, yes.

(Rajeshkumar Chemalli) #3

Hi Rajeev, Dedicated proxy ports (DPP) is additional yearly subscription which has to be procured separately.

If you are using Zscaler App Dedicated proxy port is not required.

O365 tenancy restriction can be achieved with ZAPP as well.

-RaJesh


(Rajeev Srikant) #4

Thanks.
Sorry I am still not clear.
In which scenario Dedicated ports are required & needs to be used. ?


(Giriraj Jayaraman) #5

Hi Rajeev,

When the user is not inside the corporate network/known location and if you prefer to perform SSL inspection, then you may require Dedicated Proxy Port (DPP) or Zscaler App.

ZEN will not inspect the HTTPS traffic on proxy port# 80 or 443 for road-warriors i.e. user connecting to the service from home or host-spot. To enforce SSL inspection for road-warriors, you can use DPP or Zscaler App (Z-App).

Kind Regards,
Giriraj


(Scott Bullock) #6

DPP (Dedicated Proxy Port) is discussed in detail in this article —> https://help.zscaler.com/zia/configuring-dedicated-proxy-ports

In general, if you are rolling out Zscaler App (best-practice) you will not need a DPP. If you are in explicit-proxy only, then a DPP can improve the user-experience for off-network (road-warrior) Authentication and SSL/TLS handling. The above linked article discussed the benefits of DPP at length.


(Rajeev Srikant) #7

Thanks.
I am planning to have O365 tenant control via Zscaler.
For some users to reach O365 It will go via DC to Zscaler.
For some users in branch they will have local breakout from branch to Zscaler.to reach O365
I want to have tenant control for 0365.

My understanding is that for this DPP is not required.


(Scott Bullock) #8

That sounds like you do not need DPP. It’s only needed for road-warriors, and is only useful when you’re not rolling out Zscaler App.