ZApp auto update not possible

Hi,

we are currently trying to breakout the IP´s behind the d32a6ru7mhaq0c.cloudfront.net (ZApp auto Update URL) locally.
We don´t have a default internet route, so we have to type in the ip addresses behind that.
But we recognized that there are so many dynamic public ip addresses behind this fqdn, that we are not able to implement the routing correctly.
We already route the recommended Zscaler HUB IP´s, but this doesn´t work for the App Update.

Can anyone help me or do have the same experience?

We have experienced same situation for one of our customers. Zscaler Support told us that in no-default route environments, ZAPP will not be able to auto-update. In this type of environment, the ZAPP will only auto-update when the user is off their corporate network (i.e., working remotely).

Hi Constantin/Gregory,

Yes, cloudfront doesn’t really have a fixed range you can lock down.
One thing I’ve seen (but I won’t comment as to it’s official support) is customers replicating that DNS name internally and pointing to a local file server that replicates the update files.

Additionally, in 2.1.2 which is pending release, we do have a feature where Z App can tunnel this traffic through ZIA. This is a feature designed for No Default route environments.

Cheers

David

1 Like

When would this be?

Any delays because of COVID-19 ?

We added an internal record for d32a6ru7mhaq0c.cloudfront.net pointing to a handful of the cloudfront address and this seems to work ok.