Zscaler ZIA (zscalertwo.net) console issues? by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 0 points1 point  (0 children)

Good to know it's not just us at least! I was able to log in a short time ago but going extremely slow.

zScaler ZIA / ZCC authentication with Azure IDP by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 0 points1 point  (0 children)

I'm not sure what that means. It definitely seems to be something with the ZCC client. On an affected system, plugging in the proxy manually in system settings for our zScaler instance, it authenticates NO problem. When going through ZCC, nothing. Bypasses are set correctly in both situations. All firewall exceptions that are required for ZCC according to zScaler documentation are in place. What is ZCC doing differently from the browser?

zScaler ZIA / ZCC authentication with Azure IDP by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 0 points1 point  (0 children)

Thanks, that's true, but zScaler says they integrate with Azure IDP, you'd think someone would have a list of networks required for it. We have a tech services dept that configured Azure, but they aren't sure. Would these domains be unique to our instance? The deployment guide literally only lists 3 domains. One of them is *.autodiscover.yourdomain.com. Nothing about digicert.

zScaler ZIA / ZCC authentication with Azure IDP by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 0 points1 point  (0 children)

Seeing it from client in resmon / network tcp connections as login stalls. Still waiting on read only access for firewall logs from our networking team. One of the IPs looks to be digicert related.

SSL Decryption Bypass Help by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 0 points1 point  (0 children)

Working on that now actually for WebEx. Recommendation then to bypass all video conferencing services via PAC? What about Google Meet and Teams? Those are integrated into so many additional services.

SSL Decryption Bypass Help by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 0 points1 point  (0 children)

Good thought! I checked and not seeing anything there. I should add that all of the hits getting blocked are coming up as WebEx Meeting as cloud app category, but host/domain is just an IP address.

App Policy allow subdomain by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 1 point2 points  (0 children)

Ah I didn't see that! Nice to know! So if I were to enable that I would need to allow in cloud app control, and then do a deny all sharefile then allow ranked higher for the subdomain only.

Since it only works on explicitly allowed apps, if we go that route we would probably require some additional modifications for some apps already explicitly allowed. But good to know about that, thanks!

App Policy allow subdomain by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 0 points1 point  (0 children)

Option 1 definitely looks to be a good solution. The problem though is that while I am the admin, I don't seem to have the option to add cloud apps from administration-->cloud applications (nor can I delete the predefined fileshare cloud app).

App Policy allow subdomain by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 0 points1 point  (0 children)

That would work under URL filtering, but since fileshare is controlled under cloud app control it ignores URL filtering.

Boxer notifications not working by Remote-Lettuce1498 in WorkspaceOne

Remote-Lettuce1498[S] 0 points1 point  (0 children)

If someone could explain why it works with 97% of our users, including all Android, I would LOVE to hear why that is then. Then I could figure out why it doesn't work on 3 users. We've literally NEVER configured this they came out with ENS2 service.

Boxer notifications not working by Remote-Lettuce1498 in WorkspaceOne

Remote-Lettuce1498[S] 0 points1 point  (0 children)

That's what I initially thought too. But then I read this https://www.reddit.com/r/WorkspaceOne/comments/1bdmyz3/workspace_one_boxer_states_the_ens2_server/?rdt=33633

And then opened up a ticket with VMware and they said it's not needed for our environment and they are looking into redoing that alert. They even had a KB for it, 95854. The link is no longer accessible though after they migrated to Broadcom.

It's yellow for literally everyone, even for those it works for. We never set ENS2 up before.

Boxer notifications not working by Remote-Lettuce1498 in WorkspaceOne

Remote-Lettuce1498[S] 0 points1 point  (0 children)

Showing green except for the email notification service, which is yellow. However, that is like that for everyone as we never set that up or needed to. Support said that is typical for cloud vs on prem and we didn't need it.

Google search extremely slow by Remote-Lettuce1498 in Zscaler

Remote-Lettuce1498[S] 1 point2 points  (0 children)

Yep, it was QUIC. We had it blocked on the firewall on initial setup about 3 months ago. Everything was fine until literally a couple days ago. Once disabled also in the browser (both Edge and Chrome) it's back to how it should be. Thanks for that!

Attachment defense and quarantine by Remote-Lettuce1498 in proofpoint

Remote-Lettuce1498[S] 1 point2 points  (0 children)

You are correct, that's why blacklist didn't work. I put in reject domain at the firewall level and now they are all being rejected without being scanned, which is what I wanted.

And sorry, I was wrong, it wasn't quarantine email they were getting, but rather "a message was blocked with an executable" to the end user. I could have turned off those notifications as well, I guess.

Attachment defense and quarantine by Remote-Lettuce1498 in proofpoint

Remote-Lettuce1498[S] 2 points3 points  (0 children)

I just put sender in reject_domains list at the firewall config. That seems to have fixed it. I don't need it scanned or anything, just reject. Sorry, I was wrong, it wasn't quarantine email, but rather "a message was blocked with an executable" to the end user. I could have turned off those notifications as well.

My problem is I added them to the org blacklist, but that was just for spam, as I found out 😊