Does NSS have an option to specify internet proxy?
Yes it does.
Here are the instructions to configure explicit proxy mode:
Run ‘nss configure’ command to configure interfaces.
Use the ‘proxy’ option:
[root@NSS /tmp]# nss configure proxy
proxyserver (Proxy Host ) [10.66.21.195]:
proxyport (Proxy Port ) :
Successfully configured proxy
To undo this configuration, ‘–wipe’ may be used: nss configure proxy --wipe
Is SAML authentication supported or it would require ZAB?
There is no user authentication with NSS. The NSS service authenticates to the Zscaler Central Authority over a secure SSL connection on port 9422. More info on NSS configuration here:
does it matter which method for traffic forwarding is used?
We are not using IPSEC based traffic forwarding to ZScaler.
No, NSS is agnostic to the traffic forwarding method. The traffic forwarding mechanism is established between your network/endpoints and Zscaler’s Enforcement Nodes (ZEN). The ZENs process your web transactions, generate event logs per each transaction and send them out to your assigned Nanolog Cluster for 6-months storage. The Nanolog Cluster then streams out all the events logs in real-time to your NSS VM.