Zscaler recommends deploying Identity Federation using SAML (Security Assertion Markup Language) for provisioning and authenticating users. This article provides an overview of using SAML for provisioning and authenticating users for the Zscaler service.
Current situation: We have a few data centers and 40 offices. Each of these sites is on Velocloud SDWAN. Each of these sites has an IPSec tunnel to Zscaler. All traffic from users to the internet is restricted via Zscaler proxy policies (e.g. no porn) and Zscaler's firewall (e.g. no bittorrent). We do about 15 to 20TB per month.
The Issue: Our sites use applications in customers' data centers. These customers have extreme security requirements, including all public IP addresses of clients need to be permitted in their firewall. Traffic is SSH, FTP and HTTP. Zscaler has a big pool of IPs that it uses for all clients. So at the moment, we can't give these IP addresses to our customers as it would then allow in Zscaler's other customers. These applications number in the 50s and change monthly.
Question? What can we use? Requirements: Centralised firewall (can block outbound traffic on a port by port or protocol by protocol basis), centralised web proxy (block porn, gambling, whatever), can be used by users at home and at the office, uses a small set of IPs just for our users.
Any ideas?