PZEN Behind the Network Firewall deployment model

Hi Team,
One of our customer chosen private ZEN deployment as behind the Network Firewall. Is there anyone deployed in such model.

Can you help me with IP requirements like public and private IPs.
Also the tunnel sources will be MPLS router, internal router for PZEN and tunnel to be via MPLS with private IP. Great if you worked on such scenarios to share with me.

Regards
Ramesh M

Hi @ramesh.mani1, that’s a support topology, you find it documented here —> https://help.zscaler.com/zia/deploying-service-edge

Network requirements are defined here —> https://help.zscaler.com/zia/about-service-edge

Please also contact you account team so they can assist you with sizing and other prerequisites for Service Edge (formerly PZEN)

Cheers,
@skottieb

Hi Scott,
The documentation is not clear enough.

  1. I don’t see IP requirements,
  2. Can I establish GRE from private IP as well as public IP. etc.

Now I am working with Zscaler SE to find out the best solution. ’

Regards
Ramesh M

Hi @ramesh.mani1, glad to hear you’re engaged with your SE.

  1. I don’t see IP requirements,

These are in this link https://help.zscaler.com/zia/about-service-edge


  1. Can I establish GRE from private IP as well as public IP. etc.

Yes you can!

Hi Scott,
Thanks for your update.
But If I am placing the Service edge internally or in DMZ with Private IPs. Still I need some public IPs to be reserved (NAT) for the service edge to reach out the Zscaler cloud. I am looking for public IP in this case.

Regards
Ramesh M