Local Internet Break out

(Rajeev Srikant) #1

I have the below basic query regarding my requirement.

  1. Planning to have local internet break out in my branch office.
  2. Office 365 & other internet traffic will have local breakout via Zscaler from branch.
  3. Certain SaaS applications should be via the existing Proxy server located in our Data Center.

Let me know if this can be achieved. My understanding is PAC file is required.
The other question is what should I consider for DNS servers?
Should I advertise the public DNS servers into the network, or is that not required (Zscaler will take care)?

Please let me know

(Scott Bullock) #2

Hi @rajeev_srikant, short of the long, you should route as much traffic as possible to Zscaler direct from the local breakout.

There can be use cases for some sites/apps; these can be served via VZEN, some other on-prem proxy or direct via firewall. Generally we recommend VZEN so the security and policy posture is identical across outbound internet edges. How you steer traffic to this proxy/edge is more a design decision and can depend on the nuances of your environment. Often a PAC is used to define what traffic goes where, or you may use the network to steer traffic, or both.

So, what you want to do can be achieved, however, how you do it can vary.

(Rajeev Srikant) #3

Thanks. I understand that through a PAC file I can control which URL should be sent to Zscaler and which URL should be sent to the Data Center proxy.

Regarding DNS, if I use PAC, is it required to configure public DNS in end users' PCs?
Which DNS should I use?
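
The PAC-based split discussed in this thread, as an added example that is not from any poster or from Zscaler: selected SaaS domains go to the data-center proxy and everything else, Office 365 included, goes to Zscaler. All hostnames, ports and domain lists are placeholders. Matching is done on the hostname string only (no `dnsResolve` or `isInNet`), so evaluating the file triggers no client-side DNS lookup for the destination.

```javascript
// Added example: every hostname, port and domain below is a placeholder (assumption).
var DC_PROXY = "PROXY dc-proxy.corp.example:8080";   // existing data-center proxy
var ZSCALER = "PROXY zscaler-gateway.example:80";    // Zscaler gateway for local breakout
var DC_SAAS_DOMAINS = ["saas-one.example", "saas-two.example"]; // SaaS kept on the DC proxy
var INTERNAL_DOMAINS = ["corp.example"];             // internal names, never proxied

// Lower-case the host and drop a trailing dot so "App.SaaS-One.example." still matches.
function normalizeHost(host) {
  return String(host).toLowerCase().replace(/\.$/, "");
}

// Match the domain itself or a subdomain, on a label boundary only, so that
// "evilsaas-one.example" is not treated as part of "saas-one.example".
function inDomain(host, domain) {
  var suffix = "." + domain;
  return host === domain || host.slice(-suffix.length) === suffix;
}

// Plain loop and var only, since PAC engines vary in JavaScript support.
function inAny(host, domains) {
  for (var i = 0; i < domains.length; i++) {
    if (inDomain(host, domains[i])) { return true; }
  }
  return false;
}

function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  // Hosts without a dot (single-label intranet names) and internal domains stay local.
  if (h.indexOf(".") === -1 || inAny(h, INTERNAL_DOMAINS)) { return "DIRECT"; }
  // Listed SaaS applications keep using the data-center proxy.
  if (inAny(h, DC_SAAS_DOMAINS)) { return DC_PROXY; }
  // Default: everything else breaks out locally via Zscaler. No DIRECT fallback
  // is appended, so a proxy outage does not silently bypass inspection.
  return ZSCALER;
}
```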