Version 4.0.5
Version 4.0.5 comes with the following enhancements:
New! Private Cloud Private Access: PriCPA is a unique functionality of the Cloud Security Connector. PriCPA allows you to create a Private Cloud among all CSCs for private traffic. In a matter of minutes, you can build a full mesh encrypted topology between your locations for private traffic with Zero Trust. After making the Private Cloud, you can set up your policies to define who will talk with whom inside your Private Cloud.
New! Proxy Bypass Advanced Mode: This functionality was created for servers and devices with Explicit Proxy settings. It provides connectivity to Zscaler (upstream Proxy), DIRECT via local public IP and also connectivity to internal websites.
New! Traffic Logs: The CSC can send all traffic logs to a Syslog/SIEM server. The Traffic Logs provide visibility of all IP communications to Zscaler, Routed and Proxy Bypasses, PriCPA, and Local received and generated traffic. This functionality is essential to customers with a basic Zscaler Cloud Firewall license.
New! SNMP support: The CSC Mux for Azure can be monitored via SNMP v2c and v3.
New! Radius integration: You can access the Admin console using your username and authenticating via Radius protocol to a Radius Server.
New! The "csccli" user can be enabled and configured via the Admin console, allowing terminal access to the CSC using SSH keys.
New! SSH access can be restricted per Subnet or IP. It applies to the CSC's Internal (eth1) and PriCPA interface. It is not required anymore to set up external security groups.
New! TCPdump functionality is provided via the Admin console for easy troubleshooting of IP traffic.
Base OS upgraded to Ubuntu 22.04
Version 2.6
Version 2.6 comes with the following enhancements:
NEW! Configuration Wizard. It is possible now to change via SSH Console the following parameters: GRE credentials, DNS servers, Cloudname and Syslog servers.
NEW! Switch tunnels. It is possible now to switch Primary / Secondary via SSH console.
Change: The default template of the OVA file requires 2 x CPU, 4 GB RAM, 8 GB disk. This increase was done due to the intensive use of the Bypass Proxy functionality by our customers. If you are sending most of the traffic to via tunnels, you can reduce it to 1 x CPU, 1 GB RAM.
Version 2.5
Version 2.5 comes with the following enhancements:
NEW! Zscaler Global Proxies accepted for Bypass Proxy (port :3128). Now, on the CSC, it is possible to use the Zscaler Global Proxies IPs (Ranges 185.46.212.88-93 and 185.46.212.97-98) to redirect traffic to the CSC Bypass Proxy. You need to point your bypass URLs to (example) : PROXY 185.46.212.88:3128 . This feature was requested by several customers in order to create a unique global pac file using the Zscaler Global Proxies.
- Some cosmetic menu changes.
Version 2.3
Version 2.3 comes with the following enhancements:
Logs to Syslog server. On version 2.3 you can setup one or two Syslog servers where to send the information about Tunnel and Cluster.
Menu Changes: Two new options added to see the last month logs or last 6 months.
Version 2.2
Version 2.2 comes with the following enhancements:
DNS Resolver timeout reduced to improve response of time of Bypass Proxy when Primary DNS fails or is slow.
Cosmetic changes on "Show Configuration and Status" menu.
Version 2.1
Version 2.1 comes with the following enhancements:
Watchdog application added. This watchdog will prevent any potential deviation behaviour or memory leak of the process running on the CSCs.
Bypass proxy allows tunnelling to non standard HTTPS ports. This was requested by several customers using Cloud Services like SAP.
Version 2.0
Version 2.0 comes with the following enhancements:
New! Bypass Proxy functionality : The Bypass Proxy solves the problem when is required to send traffic direct to internet and not via Zscaler ZEN nodes.The most common case is when destination web site accepts only traffic coming from a specific public IP.Without the Bypass Proxy, customers where obligated to have an internal proxy or to configure several firewall rules and routes to the destinations required to be bypassed.The Bypass Proxy simplifies this task: using the Zscaler PAC files servers as repository of your bypasses and automating the task with AWS, you can easily get up to date all your bypasses in all CSC instances.The Bypass Proxy acts as Web Firewall. It only allows to reach domains hosts defined by the Administrator.
Resilient Algorithm: When returning to the Primary ZEN, Resilient Algorithm checks if the Primary ZEN was stable for 10 minutes before to change nodes.
Timers: Timers were adjusted to better support locations with long delays (more than 250 ms) to the ZEN Nodes.
Internal IPs: The CSC GRE Cluster is using now five consecutive IPs for the Internal side. The first one is the Internal Cluster IP, the second the VIP Proxy, the third is the Bypass proxy, the fourth is the interface of the csc-gre-a and the fifth the csc-gre-a.
External IPs: The CSC GRE Cluster is using now fourth consecutive IPs for the External side. The first one is the External Cluster IP, the second the Egress Bypass, the third is the interface of the csc-gre-a and the fourth the csc-gre-a.
New! Monitoring Tasks Menu: Traceroute and Latency Test. This Test does a MTR (MyTraceRoute) test to Primary & Secondary ZEN and Google DNS. In addition to this, if the tunnel is UP, this test does a MTR test on Reverse from the Zscaler node active to your public IP. This test is similar than the one provided on the Zscaler Analyzer tool with the advantage that has the ability to analyse the reverse path as well.
New! Monitoring Tasks Menu: Speed Test (Experimental). This test uses a third party tool: speedtest.net . This test provides the Ping delay, Download and Upload Speed.
New! "Configuration and Status" Menu. Using this menu, in one shot you will retrieve 32 configuration parameters and will do 16 status checks.
New! AWS Management. Now, you can manage the CSC Anywhere from AWS as "Managed Instance"