Tuesday, September 7, 2021

Whitelists for load balanced endpoints (Azure and Z-Scaler)

Hi all. I have a SaaS product for B2B. Our client is upgrading to Z-Scaler security. We currently have issues with some parts of our Azure cloud communicating within their region, ever since Microsoft added Dynamic DNS load balancing on the host global.azure-devices-provisioning.net. I really want to send Z-Scaler a list they will understand and apply correctly the first time.

Hoping that someone can clarify how best I should communicate the whitelist requirements of my product to a client per region. Up to this point, they have had to whitelist every single host and cannot use any kind of wildcard/FQDN rules to cover many at once.

My columns in the spreadsheet cover URL, dest IP, Port(s), Protocols, and descriptions.

  1. Any info on how Z-Scaler executes their whitelists? Any gotchas or things to be wary of?
  2. Should I list the primary Azure endpoint (global.azure-devices-provisioning.net) with an N/A IP column but still include all the ports? The URL is just the front-door for Azure now.
  3. Directly below the previous whitelist, should I just include the full details for each region endpoint? My thought is to just add in the description that the region endpoints are directly connected to the primary Azure devices endpoint.

Sorry if it seems like I am overcomplicating this. Our client has multiple regions, and not all our rules work all the time right now due to different firewall technologies and rule requirements across regions. I am hoping Z-Scaler will make things easier for us.
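To show why an IP column cannot hold for a dynamically load-balanced front door, and to produce rows in the spreadsheet columns described above, here is an added example (not code from the post or from Zscaler/Microsoft). The ports, the regional hostname placeholder and the simulated DNS answers are assumptions; it resolves each host several times and marks the IP column N/A when the answers do not stay the same, so the client knows that entry needs an FQDN rule.

```python
import csv
import io
import socket
from itertools import cycle

# Constructed table in the post's columns; ports and the regional host are assumptions.
ENDPOINTS = [
    ("global.azure-devices-provisioning.net", "443,8883,5671", "TCP",
     "Azure DPS global front door; dynamic DNS load balanced"),
    ("<region>.azure-devices-provisioning.net", "443,8883,5671", "TCP",
     "Regional DPS endpoint, reached through the global front door"),
]

# Constructed offline stand-in for DNS: the global host answers differently on each
# lookup (load-balancer behaviour), the regional host answers the same every time.
_SIMULATED = {
    "global.azure-devices-provisioning.net": cycle([{"203.0.113.10"}, {"203.0.113.11"}]),
    "<region>.azure-devices-provisioning.net": cycle([{"198.51.100.5"}]),
}

def simulated_resolver(host):
    return next(_SIMULATED[host])

def live_resolver(host):
    """One real A-record lookup; swap in for simulated_resolver when online."""
    return {info[4][0] for info in socket.getaddrinfo(host, None, socket.AF_INET)}

def is_dynamic(host, resolver, lookups=5):
    """A host is dynamic if repeated lookups do not all return the same answer set."""
    answers = {frozenset(resolver(host)) for _ in range(lookups)}
    return len(answers) > 1

def build_allowlist(endpoints, resolver):
    """Rows in the post's columns; the IP column is N/A where only an FQDN rule can hold."""
    rows = []
    for host, ports, proto, desc in endpoints:
        if is_dynamic(host, resolver):
            ip = "N/A (dynamic DNS; rule must match the FQDN)"
        else:
            ip = ", ".join(sorted(resolver(host)))
        rows.append({"URL": host, "Dest IP": ip, "Port(s)": ports,
                     "Protocols": proto, "Description": desc})
    return rows

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0]))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

Calling `build_allowlist(ENDPOINTS, live_resolver)` with the real hostnames filled in performs live lookups and gives the same row layout.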
