Salir a Internet con una IP Publica de nuestra organizacion a traves de ZIA

Hello,

I wanted to make a query to see if you can help me, as it is a topic that generates many doubts.
In our organization we are considering to replace the Physical Proxy with the ZIA zscaler solution. Currently some internal servers of our organization that navigate to the Internet through the Physical Proxy, need to be presented with a specific public Ip of our organization, since at the other end the servers to which they connect (almost all applications based on HTTPS) are configured in their Whitelist firewalls and only allow us access to the service when the Ip of Origin is a specific one.

Is there any functionality in ZIA that allows this or should we continue with a physical proxy and continue using it for this type of traffic? I understand that if there is a solution, Zscaler would take control of our public addressing?

Thank you very much.

Alvaro - the Source IP Anchoring (SIPA) capability in ZIA is something that can be deployed to address this concern. More information about SIPA can be found here: Source IP Anchoring.

Please note, to continue using the same egress IP address(es) you use today, the connector (a virtual image) can be installed at the same location as your current physical proxy. The cloud location depicted in the diagram is the most advantageous from a network path perspective given the applications requiring a static IP are on the public Internet but it also requires you to re-register the egress IP assigned to you in the public cloud of your choice with the applications that require a specific public IP.

1 Like

I also noticed this was sent to the Client Connector forum, although it may be more appropriate for the ZIA forum. The SIPA solution doesn’t require the Client Connector to operate, and servers can take advantage of SIPA using the destination as the criteria (e.g. if servers are accessing https://org.database.cloud.net, that URL can be specified in the SIPA proxy configuration and all traffic destined for that app will go through ZIA as it normally does and then through the SIPA connector, to the app, and back the same way).

1 Like