ZScaler app for ChromeOS


(Alex) #1

Does ZScaler have ZScaler app for Chrome OS to forward the traffic to ZScaler cloud?


(Scott Bullock) #2

Hi Alex,
Today ZApp is not a supported platform for Chrome OS, instead the
native proxy settings of Chrome OS should be used.

We do have an open ER to add Chrome OS Support. Please raise a request via
Zscaler Customer Success / Zscaler Support so we can add you and track your
organisations interest.

Many thanks,
Scott-


(Alex) #3

I was only able to find the following article on how to configure ChromeOS for traffic forwarding to ZScaler
https://support.google.com/chrome/a/answer/3504945?hl=en1
Is there another version of the article?
Thanks,


(Scott Bullock) #4

This Article does look very dated, the UI Screenshots are at least three
years old, it seems Google is not maintaining this article.

The best link I know if for Chrome/ChromeOS/Android specific settings is
here --> https://support.google.com/chrome/a/answer/2657289

Here’s the relevant snippet from the articles as of today:

Proxy mode

Specifies how Google Chrome connects to the Internet.

If you leave the setting at its default Allow user to configure, the
user can change the proxy configuration in their Chrome Settings. If
you choose any of the other Proxy Mode options, the user can’t change
the configuration.

Never use a proxy means that the Chrome device always establishes a
direct connection to the Internet without passing through a proxy server. A
direct connection is also the default configuration for Chrome devices, if
you do not set a policy and the user doesn’t change the configuration.

Always auto detect the proxy instructs the Chrome device to to
determine which proxy server to connect to using the Web Proxy
Autodiscovery Protocol (WPAD).

Always use the proxy specified below sets a specific proxy server for
handling requests from this user. If you select this option, you need to
enter the URL of the proxy server in the* Proxy Server URL* text box
below. Format the Proxy Server URL as ‘IP address:port’, such as ‘
192.168.1.1:3128’. Leave it empty for any other Proxy Mode setting.

If there are any URLs that should bypass the proxy server that handles
other user requests, enter them in the Proxy Bypass List text box. If
you include multiple URLs, separate them by putting one URL per line.

Always use the proxy auto-config specified below. For the Proxy Server
Auto Configuration File URL, insert the URL of the .pac file that should be
used for network connections.
Android apps running on Chrome OS

If you have Enabled Android Apps on supported Chrome devices
https://support.google.com/chrome/a/answer/7131624, a subset of proxy
settings is made available to Android apps, which they may voluntarily
choose to honor (typically apps using Android System WebView or the
in-built network stack will do so):

If you choose never use a proxy server, Android apps are informed that
no proxy is configured.

If you choose use system proxy settings or fixed server proxy,
Android apps are provided with the http proxy server address and port.

If you choose auto detect proxy server, the script URL “
http://wpad/wpad.dat” is provided to Android apps. No other part of the
proxy auto-detection protocol is used.

If you choose .pac proxy script, the script URL is provided to Android
apps.

Cheers,
Scott-


(Alex) #5

Could ZScaler put something together?


(Scott Bullock) #6

I’ve sent your document request to the relevant team. We’ll see that they come back with.


(Alex) #7

With ChromeBooks and ChromeBoxes,If we use native proxy settings for Chrome OS to redirect the traffic to a ZSCaler, could we disable authentication for mobile location as our Chrome devices are locked in kiosk mode (Citrix receiver app) and users don’t have an option to authenticate to ZScaler?


(Nick Morgan) #8

To disable authentication traffic traffic must be coming from a 'known’
location (registered IP address / tunnel) where authentication is turned
off at either

  • the ‘location’ or ‘sublocation’ (subnet) level.
  • the PAC file by using proxy port 9480 (again from a known location where
    authentication is enabled).
  • the destination URL, category or application

It is not possible to allow a host to proxy completely unauthenticated via
Zscaler from an unknown location since the Zscaler service would then
become an open proxy.


(Alex) #9

Is there any update on the documentation from ZScaler for use with ChromeOS?


(Alex) #10

If that’s the case, could ZScaler integrate with G-Suite on pulling G-Suite enrolled Chrome devices to allow traffic from “trusted” devices via ZScaler w/o ZScaler app for Chrome OS?


(Nick Morgan) #11

Please raise an ER request via Zscaler Customer Success / Zscaler Support
so we can add you and track your organisations interest.


(Alex) #12

Ticket# 459298 is submitted. Thanks,