Zscaler App - Assign Application Profile based on Source IP, DNS etc (ZIA)

So we are looking at rolling out the Zscaler App to machines and one of the things we need to determine is what application profile they get for Zapp to enforce ZIA forwarding profiles.

At the moment it looks like only users group membership is supported which isn’t ideal as it makes the set up fairly static. We are a global company and some of our users travel the world, China included. So in an ideal scenario we would could vary the application profile assigned based on their location to ensure optimal network traffic.

Does anyone know if this is on the roadmap?


Actually you don’t need the location based DC selection, as the pac file used by the zapp app profile will handle it.

You may need subcloud, though, in order to make sure some specific DCs, such as DC in China or DC in Australia will be also in the automatic geo location resolution list ($GATEWAY).

See https://help.zscaler.com/zia/what-subcloud

Suggest you to reach your ZScaler technical contact such as the SE or TAM to figure how you can have zapp configured to bring your user to the closest in country DC automatically.

Best Regards,

Jones Leung

SE Manager, Greater China


Thanks for the Feedback :slight_smile: Not quite what we after as I am talking about the profile in ZAPP, not the DC selection in ZIA :slight_smile:

Hi @postalspin

On the use-case:

ensure optimal network traffic

Subcloud logic, or using $COUNTRY and $COUNTRY_GATEWAY PAC logic would get to that outcome. Is there any other reason you’d want to toggle App profile based on Country?

See " Zscaler-Specific Variables" in this article --> https://help.zscaler.com/zia/writing-pac-file