Forwarding LSS log through proxy



Just wondering if anyone have ever managed to forward LSS log through proxy?

We have our ZPA connector set up to use proxy and it’s working fine, however when set up LSS, its trying to go direct instead of using the proxy.


You the logs are send from the ZPA cloud → app connector and then directly to the log server but you want the logs to go from the ZPA cloud → the app connector → proxy → log server ?

If so I have not tried this but if it does not work check the ZPA release notes for bugs and resolved issues if needed open a case to the TAC and if forwarding the log traffic from the App conector first to the proxy then to the log server can’t happen then you may need to bypass he proxy for LSS or deploy ZPA private service edge after the proxy close to the location where the log server (splunk, Qradar, ELK etc.) is located.

Yes it’s possible to have proxy between the app connector and zpa cloud.

hi all, thanks for your reply.

@Niokolay_Dimitrov, you are correct, that’s what we are wanting to do, ZPA cloud → the app connector → proxy → log server.

We have raised a case with zscaler TAC, and they said it’s not possible, but wanting to see if others have different experience.

@ramesh.mani1 yes we have this working, it’s just the Log that is not using the proxy.


Maybe Zscsaler does not support this as just installing an client connector VM after the proxy closer to your log server will solve this.