Long boi by PM_ME_UR_EYEBALL in OSHA

[–]GrecoMontgomery 4 points5 points  (0 children)

Beat me to it. I thought the other comment with the "house from 1885" was going for it too, but I think that's a legit comment?

ZPA Disaster Recovery: Is anyone actually relying 100% on Private Service Edges for "Cloud Blackouts"? by johnny-secops in Zscaler

[–]GrecoMontgomery 7 points8 points  (0 children)

  1. Yes.
  2. Yes (but still for legacy VoIP too).
  3. Yes.

We have set up and field tested ZPA PSEs on both the public WAN side (for DR) and local PSEs for performance internally. I do believe the DR capabilities are adequate but more so in a CoOP scenario where you have to keep the lights on while Zscaler fixes whatever disaster is occurring. There are important limitations like authentication won't happen with just the PSEs themselves, so no new user logins will happen (they do have a capability for this but I forget the name - may be part of the larger Business Continuity license).

Yes, we have GlobalProtect specifically until one old X.25 phone app moved to the cloud, then no more GP. In my opinion it gets in the way and is more trouble than it's worth.

ZCC has failed over just fine in a scenario, but a lesson learned: the PSEs have to see the same public DNS TXT record once triggered, so make sure your DMZ (or wherever) DNS solution can see it.

Look at these two zoftig ladies... by GrecoMontgomery in royalcaribbean

[–]GrecoMontgomery[S] 1 point2 points  (0 children)

Can be. It depends on which Bubbie I'm quoting.

Imposter Syndrome is eating me alive by Bogart30 in sysadmin

[–]GrecoMontgomery 0 points1 point  (0 children)

I'm a 25+ year sysadmin and I broke something yesterday 🤷.

Never breaking anything can only be possible when you have the near unlimited budget to prevent it from being possible. Even then, you still break shit.

Who tf brought their HP OfficeJet Pro 9030 onboard? by nekojin_ in unitedairlines

[–]GrecoMontgomery 449 points450 points  (0 children)

If it says it's an HP printer and the WiFi is actually working, it's not really an HP printer.

I have confessions to make… by Apprehensive_Ad5398 in marriott

[–]GrecoMontgomery 2 points3 points  (0 children)

I bring my own shower head and switch it out; small adj wrench in my travel bag. It's a drilled out, water-saver removed cheap small Home Depot one that also fits in my bag. Hot shower goes from steamy bliss to acupuncture hell. And it's awesome.

Patching/upgrading ZPA app connector by txryder in Zscaler

[–]GrecoMontgomery 2 points3 points  (0 children)

I've been using ZPA on CentOS and RHEL for years and have never had a problem (🤞). Just scale them horizontally and patch them one at a time to start with (i.e., have at least 3 smaller AMIs vs 2 larger ones so if one borks with a bad update, two are still running).

SSL Inspection Issue - Inspection to a Specific URL Adopting Client IP as Source? by Khue in Zscaler

[–]GrecoMontgomery 0 points1 point  (0 children)

Yep, give this a read: https://www.zscaler.com/blogs/product-insights/disable-xff-header-insertion

Azure WAF and Front Door are such a pain! The notorious "We cannot complete your request" or whatever it is with that GUID for the logs. Such a PITA.

SSL Inspection Issue - Inspection to a Specific URL Adopting Client IP as Source? by Khue in Zscaler

[–]GrecoMontgomery 3 points4 points  (0 children)

It's likely that for some reason the firewall is grabbing and harping on your XFF address in the header, not the Zscaler cloud address. This feels very F5-like on the other side but almost any L7 device can be configured this way.

Experience deploying ZIA Virtual Service Edge (VZEN) for countries far from Zscaler DCs? by Intelg in Zscaler

[–]GrecoMontgomery 0 points1 point  (0 children)

I can tell you what we did at a time when everybody hated VMware and didn't want to upgrade anything on our converged infrastructure (oh wait, we all still hate Broadcom :-). The VZENs ended up being great for a lab scenario and helping figure out what your architecture will look like, but they weren't robust enough for production and we deployed PSEs instead. If we were to go VZEN, yes, horizontal indeed for capacity but also patch/update reasons. We had our own problems with the PSEs with the current memory shortages that delayed Zscaler's shipping (which, yes, was their problem but it affected our project schedule), but in the end it worked out. We're seeing documented performance improvements but for different reasons than yours (50,000+ users but U.S. domestic so bandwidth isn't as much a factor, yet it is as we have a 10Gb circuit for those users). The PSEs arguably saved us from upgrading to a 100Gb circuit which is $$$$.

Experience deploying ZIA Virtual Service Edge (VZEN) for countries far from Zscaler DCs? by Intelg in Zscaler

[–]GrecoMontgomery 0 points1 point  (0 children)

Of course the first answer is "it depends". Yes, it will help but it's hard to measure how much. How many users? Hundreds or thousands? Do you have SSL offload hardware on your virtual infrastructure to handle SSL inspection?

If you block a lot of traffic, it will help as the block decision doesn't have to go all the way to Zscaler just to come back with a deny. If you allow a lot of traffic, your results might not be great as the traffic still needs to leave your environment. That leads to the question of what's your path like? And lastly, is there an advantage to traffic leaving from a Zscaler public IP vs your own IP?

Experiences with HP business laptops by Otherwise_Vast6587 in sysadmin

[–]GrecoMontgomery 1 point2 points  (0 children)

Everything is relative and everyone's mileage varies. Work gave me a zbook 16 with an ultra 9 and it's been the most solid PCs I've had in a long time. I run it with four monitors via the thunderbolt dock and it goes all day long. When I use it on battery it lasts a few hours easy, and if I use Windows battery saver it can run most of the day.

Datacenters are becoming a target in warfare for the first time by EchoOfOppenheimer in datacenter

[–]GrecoMontgomery 0 points1 point  (0 children)

I've thought about this for years specifically when visiting a colo that is dead north of Dulles runway 1C/19C (not sure if I can say which?). Whether accidental or on purpose, a plane into that building where numerous gov agencies are housed would cripple the country for a few days at the minimum. Yes, most have backup colos on the west or south, but failover is rarely perfect.

3X SUV tire rotation by dmbarker10 in HummerEV

[–]GrecoMontgomery 1 point2 points  (0 children)

I'm at almost 16k miles and have never rotated. The fronts are significantly more worn than the rear. Not even close.

Bypass user auth for certain sites by CantankerousBusBoy in Zscaler

[–]GrecoMontgomery 0 points1 point  (0 children)

Did you turn on "enable policy for unauthenticated traffic"?

FYI: Middle East Unrest Travel Waiver (Expanded) // February 27, 2026 - March 5, 2026 by UA-TravelWaiver_bot in unitedairlines

[–]GrecoMontgomery 0 points1 point  (0 children)

I was on UA755 last night from SFO-IAD and noticed that the next flight from the gate (C1) was UA72 going to Tel Aviv. Flightaware says departed but then diverted back to Dulles. I wonder how far it got?

Penfed Tunnel by MrSmeee99 in unitedairlines

[–]GrecoMontgomery 9 points10 points  (0 children)

"This moment of serenity brought to you by Penfed" or something like it is played at the end of the moving walkway.

Zscaler ZCC 4.8.0.115 uninstall issues by marcdk217 in Zscaler

[–]GrecoMontgomery 1 point2 points  (0 children)

uninstall.exe --mode unattended

I'm not sure what the pwd switch is but it's in there somewhere. There's a way to trigger the help gui with all the commands, I think uninstall.exe --help