NSS appliance proxy settings


(Alex) #1

Does NSS have an option to specify internet proxy?


(Nick Morgan) #2

Yes it does.

Here are the instructions to configure explicit proxy mode:

Run ‘nss configure’ command to configure interfaces.

Use the ‘proxy’ option:
[root@NSS /tmp]# nss configure proxy
proxyserver (Proxy Host ) [10.66.21.195]:
proxyport (Proxy Port ) [3128]:
Successfully configured proxy
To undo this configuration, ‘–wipe’ may be used: nss configure proxy --wipe


(Alex) #3

Is SAML authentication supported or it would require ZAB?


(Lidor Pergament) #4

There is no user authentication with NSS. The NSS service authenticates to the Zscaler Central Authority over a secure SSL connection on port 9422. More info on NSS configuration here:
https://ips.zscloud.net/nss
https://help.zscaler.com/zia/about-nanolog-streaming-service


(Alex) #5

does it matter which method for traffic forwarding is used?
We are not using IPSEC based traffic forwarding to ZScaler.


(Lidor Pergament) #6

No, NSS is agnostic to the traffic forwarding method. The traffic forwarding mechanism is established between your network/endpoints and Zscaler’s Enforcement Nodes (ZEN). The ZENs process your web transactions, generate event logs per each transaction and send them out to your assigned Nanolog Cluster for 6-months storage. The Nanolog Cluster then streams out all the events logs in real-time to your NSS VM.