SSL inspection logging impact


#1

I’m looking for some insight on what kind of increase I can expect in number of transaction by implementing SSL inspection on my Z-App traffic. I understand this could vary greatly depending on whether the user is accessing HTTPS sites or not but is there an accepted formula for estimating this?

Also, regarding exceptions to SSL inspection, is the preferred method to use an application bypass instead of URL category? I’d always assumed so but I was reviewing the help topic on Public Key Pinning, and for most of the items listed, the recommended method is URL category.
https://help.zscaler.com/zia/public-key-pinning-and-zscaler


#2

MikeC,

on your first topic, implementing SSL inspection would not add transactions to Zapp, assuming you are already sending the TCP/443 traffic to Zscaler. If you are, and have not enabled SSL bypass, then Zscaler would not inspect but still forward your traffic. If you are not sending that traffic via Zapp, then there is no good way to tell in advance, but I would expect SSL traffic to represent 50-70% of your corporate browsing traffic, so I would budget for a 2X or 3X increase.

There is no preference on bypass methods (app, url category, url, etc.). You should use a combination that suits your needs. As a general rule though, you should minimize the number of bypasses for ease of management. So, if you had the option to bypass a category, or 100s of individual urls that belong to it, I would do the former.

I hope this helps,

Pablo Smiraglia