Not allowed to use tunnels - what does it exactly mean?

tunnels
policy
tunnel
notallowed

(Piotr Hałka) #1

Hello Team,

Could you explain to me what exactly “Not allowed to use tunnels” means in the Zscaler logs?

Thanks!


(Scott Bullock) #2

Piotr, can you please upload an example log entry?


(Jones Leung) #3

Hi Piotr,

It is probably due to our global setting to “Block tunneling to non-HTTP/HTTPS ports”. As HTTP tunneling is used by many people to get internal traffic out of enterprises, we offer that global setting to give customers a chance to block that traffic. In the new version 5.6, you should be able to find “protocol” under the URL filtering policy, which will allow you to choose what tunneling traffic should be allowed/blocked after you have disabled “Block tunneling to non-HTTP/HTTPS ports” in the advanced settings.

Please see the screen capture below for “Block tunneling to non-HTTP/HTTPS ports”.

Best Regards,

Jones Leung

SE Manager, North Asia

Zscaler, Inc


(Piotr Hałka) #4

Hi Scott,

That’s the screenshot from the customer.
They have a Greenbone Security Manager Appliance for running vulnerability scans, and by connecting to “feed.greenbone.net” the scanner gets updates.

No, there are no other URLs blocked by “Not allowed to use tunnels”.


(Scott Bullock) #5

Thanks Piotr.
It is as @Jones_Leung said, this is our tunnelling capability. I’m guessing the vulnerability scanner is not using a proper proxy/HTTP request and is attempting some form of tunnel, so we’re working as designed.

You can disable this for the specific host if you need to bypass, please see here --> https://help.zscaler.com/zia/configuring-security-exceptions-advanced-threat-protection-policy

Cheers,

Scott-
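Before disabling the global “Block tunneling to non-HTTP/HTTPS ports” setting (post #3) or adding a per-host exception (post #5), an admin usually wants to know which destinations and users are actually hitting this block. The script below is an added example, not Zscaler's own tooling or anything from this thread: it groups “Not allowed to use tunnels” entries by destination host from a constructed CSV export whose column names are an assumption (a real NSS web log feed is configured per tenant).

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a Zscaler web log export. Column names, users, hosts
# and ports are assumptions for this example, not a real feed layout.
SAMPLE_LOG = """\
time,user,action,reason,url,hostname,protocol
2023-01-01T10:00:01,scanner@example.com,Blocked,Not allowed to use tunnels,feed.greenbone.net:873,feed.greenbone.net,TUNNEL
2023-01-01T10:00:05,scanner@example.com,Blocked,Not allowed to use tunnels,feed.greenbone.net:873,feed.greenbone.net,TUNNEL
2023-01-01T10:01:10,alice@example.com,Allowed,,www.example.com/index.html,www.example.com,HTTP
2023-01-01T10:02:30,bob@example.com,Blocked,Not allowed to use tunnels,203.0.113.10:22,203.0.113.10,TUNNEL
2023-01-01T10:03:00,alice@example.com,Allowed,,api.example.com/v1,api.example.com,HTTPS
"""

# Reason string exactly as it appears in the logs discussed in this thread.
TUNNEL_REASON = "Not allowed to use tunnels"


def tunnel_blocks(log_text: str) -> dict:
    """Return {hostname: {"count": n, "users": set(...)}} for entries blocked
    by the tunneling policy, so the admin can see which destinations would
    need a security exception or a protocol rule before changing anything."""
    hits = defaultdict(lambda: {"count": 0, "users": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] == "Blocked" and row["reason"] == TUNNEL_REASON:
            entry = hits[row["hostname"]]
            entry["count"] += 1
            entry["users"].add(row["user"])
    return dict(hits)


def report(log_text: str) -> list:
    """Sorted (hostname, block_count, distinct_users) rows, busiest host first."""
    rows = ((h, v["count"], len(v["users"])) for h, v in tunnel_blocks(log_text).items())
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for host, count, users in report(SAMPLE_LOG):
        print(f"{host:25s} blocked {count} time(s) for {users} user(s)")
```

A single scanner host repeatedly hitting one update server is the case for a narrow exception on that host; many users hitting many unrelated hosts is a signal to investigate rather than to loosen the global setting.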


(Piotr Hałka) #6

Thank you, I appreciate your help.