Surrogate IP - Purpose

(Rajeev Srikant) #1

I would like to know what is Surrogate IP. I read about it but not clear.
Can any explain in simple terms what is Surrogate IP & what is the purpose & how it will be used

(Dan Hume) #2

Hi Rajeev

I’m sure you’ve read through the documentation available on our help portal - https://help.zscaler.com/zia/what-surrogate-ip

Essentially what the feature allows for is a mapping of a private IP address(or true client IP) from a GRE or IPSec enabled location to an authenticated user.

This feature allows for web traffic that may not support cookies, HTTPS transactions that are not decrypted, or transactions with unknown user agents to follow the policy of the authenticated user seen from an already mapped IP address.

This applies for web based traffic, and the scenarios in the last paragraph are often the exception. However for traffic sent towards the cloud firewall this enables the administrator to control policy based upon user context. Such as - Allow this sub-location, for this group of users, to this destination, for SSH application, but only on this TCP port.

1 Like