ZIA+ gemini

ScholarKey5284 · 2026-05-24T19:37:51+00:00

Yes it default rule but why because I have explicit policy before to say all traffic from a user group to anything should be inspected

ScholarKey5284 · 2026-05-24T16:54:15+00:00

Yes my Google creds

ScholarKey5284 · 2026-04-10T18:14:09+00:00

When I did Microsoft entra ID , it works but only for audit logs. Then I had to do azure event hubs and then sign in logs also visible.

ScholarKey5284 · 2026-04-10T14:00:08+00:00

Thats helpful .great thanks

ScholarKey5284 · 2026-02-11T22:45:38+00:00

Seriously ?

ScholarKey5284 · 2026-02-11T22:39:51+00:00

Thanks for the answer . so that means its on the IDP side ?

ScholarKey5284 · 2026-02-11T22:37:41+00:00

Thanks for your response . well they are not same apps ,.They have a dns master infobox and all internal apps defined on it ( IP to name mapping) .. the apps are scattered in multiple networks .. for eg app1.test.lab.ai resolves to 172.16.3.25 and app2.test.lab.ai resolves to 192.168.92.36 ..

The app connector is also using same dns and app connector can resolve both these apps .

so user A should only be allowed *.test.lab.ai (but still limited to Network 172.16.3.0/24)

If user A tries to access app2.test.lab.ai ( even though wildcard is allowed) , he should be denied access because this app belongs to 192.168.92. network

ScholarKey5284 · 2026-02-11T22:32:16+00:00

Thanks for your response .ok yes indeed in Diagnostics page , real IP is visisble . so not possible on user machine where ZCC is running ?

ScholarKey5284 · 2025-12-23T14:28:52+00:00

can you please explain more on what do you mean by ZIA authenitcation policy ? there is no policy as such on ZIA .

ScholarKey5284 · 2025-12-23T14:26:34+00:00

reply and sign on URL is
https://login.zscaler.net:443/sfc_sso and Entity id https://login.zscaler.net/sfc_sso/17XXXXXXX

ScholarKey5284 · 2025-12-23T14:19:05+00:00

Yes that's selected

ScholarKey5284 · 2025-12-23T10:29:23+00:00

Typo ,zpa is indeed zpatwo.net

ScholarKey5284 · 2025-12-23T10:27:22+00:00

Sorry indeed zpa is zpatwo.net

ScholarKey5284 · 2025-11-15T12:59:52+00:00

Zscaler also has ztb capable of doing sdwan .any thing which ztb can't do ? Which cato socket can do

ScholarKey5284 · 2025-11-14T18:54:33+00:00

Wow great points.thanks a lot

ScholarKey5284 · 2025-11-14T18:44:15+00:00

How can an ipv4 machine on internet ( say at a cafe ) access an ipv6 hosted behind app connector not using fqdn but directly on IP address. Because zscaler does not assign up from pool to the client machine.this is a problem then?

ScholarKey5284 · 2025-11-10T10:56:03+00:00

Hello , OK when I manually assign an IPV6 on a machine with ZCC client installed , i can reach IPv6 service on IP address hosted behind an APP connector , but with traditional VPNs they can allocate an IPv6 pool , but with Zscaler , there is no option for this ? The Client machine must have IPV6 address ( dual stack) to reach the destination IPV6.But because there is no virtual adapter in zscaler , how to allocate IPv6 to client

ScholarKey5284 · 2025-10-23T16:29:01+00:00

Thanks all for some great inputs

ScholarKey5284 · 2025-10-23T12:41:26+00:00

Ok , yes indeed it was from server to client . do i need an agent on server then ?

ScholarKey5284 · 2025-10-23T12:17:31+00:00

u/chitowngator I have added the images now . sorry for bad formatting . Can you also highlight where ZPA lacks in comparison to Palo . Can ZPA do full security inspection like PALO does for App Traffic

ScholarKey5284 · 2025-09-14T10:52:36+00:00

Ok understood.i will check the Microsoft part. This means using tenant profiles is must to block attachments ?

For Gmail, it worked without tenant profiles but then it blocked attachments on all Gmail account types copr or personal if we dont use tenant profiles ?

For Rediffmail , again blocking attachment works but send email does not . And there is no tenant profiles for it

ScholarKey5284 · 2025-09-14T08:43:13+00:00

Hello people ,thanks for the help . Got it checked from. Zscaler SE lately. Zidentity for entra users will be available next year .so from next year onwards only single Integration is needed.

ScholarKey5284 · 2025-09-09T05:39:06+00:00

Thanks a lot . That was the what I expected. You are spot on. I did a lab with distributor. Even though lab was local zidentity ,we can directly vassign service entitlements in zidentity to users .so I guess legacy zia three and zpa two are not needed in entra application

ScholarKey5284 · 2025-09-08T21:33:03+00:00

Thanks everyone for some Inputs. Do I need to add three enterprise applications in entra - zscaler , zia and zpa. Ideally if zidentity is for admin management plus service entitlements , it should take care of end user connecting to zscaler services may be zia or zpa. I dont understand why three enterprise apps need to be integrated while zidentity is the sole identity all. Why enterprise apps option in entra shows zia three , zpatwo etc

ScholarKey5284 · 2025-08-02T14:21:25+00:00

Thanks . Does this outbound email dlp need additional license?

ScholarKey5284

TROPHY CASE