Deploying NSS in Azure

I am currently trying to deploy NSS in Azure, however I have run into an issue with the deployment Powershell script and wondering if anyone else has had this problem.

Basically we have an existing virtual network and subnet setup in Azure, with configuration behind a Firewall appliance, so when I am attempting to run the Deployment Script with the config file, it gets to the network configuration and asks if I would like to create a network, when No is selected the script exists. However looking at the PowerShell script there is an additional parameter which can be called “vnetrgname”, I have done this however I still end up with the same issue above.

It appears that this piece of code needs to be looked at (Line 345)

if($vnetrgname -ne $rgname){
#Validate the resource group for provisioning vnet exists
}

$vnet=Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $vnetrgname -ev vnetError -ea 0
$vnetcreate=‘n’

As nothing is happening in the If Statement. At the moment this is blocking me deploying NSS.

Many Thanks

Charlie

Hi @RNLICharlie,

Welcome to communities. Thanks for pointing out the issue on line 345 - looks like the actual validation code for the resource group is missing. However, if you provided a correct vnet and subnet name , the IF statement on line 351 will be TRUE and the script should running correctly, until line 407 that will have similar logic for getting the subnet object.


If you provided the subnet and vnet names correctly in the conf_file.txt, the lack of validation shouldn’t cause any issues. We will fix that missing validation that you had pointed out.

Do you open a Support ticket for tracking this issue?

Thank you,

Lidor

Hi,

Thanks for getting back I have logged a case with Viper who provide our Zscaler service, however the scenario I am trying to complete is around deploying the NSS with an existing vnet configured and subnet. If I put the relevant options in for that piece the script seems to ignore them. If I put the configuration in, it creates a brand new vnet which is not linked to our network setup.

Is there away to manaully deploy this?

Cheers

Charlie

Hi @RNLICharlie,

We have recently updated our deployment guide: https://help.zscaler.com/zia/nss-deployment-guide-azure with a step-by-step process for deployment NSS using the Azure Portal GUI.