The Cloud Security Connector GRE Cluster allows you to protect your Internet traffic in compliance with the best practices for Zscaler Internet Access (ZIA) and and communicate private Cloud Workloads (PriCPA).


Attached the Administrator Guide for version 4.0.5


The Cloud Security Connectors Family


Key benefits of the Cloud Security Connector GRE Cluster for Virtual Platforms


  • No Networking knowledge is required.

  • The CSC is a direct replacement for your current legacy Web Security Appliance.

  • Enables any Location to be connected to Zscaler ZIA up to 3 Gbps.

  • Easy to create: Filling a form indicating your IPs and GWs.

  • Easy to deploy: Deploy OVA file setting the External and the Internal interface.

  • With Private Cloud Private Access (PriCPA) you can connect all sites securely on a Zero Trust model. The CSC secures your Private Traffic between your physical and cloud locations.

  • The CSC comes with the optimal values to work with Zscaler ZIA.

  • Full tunnel redundancy.

  • High Availability.

  • All traffic forwarding options supported:

    • Route all traffic to Zscaler (or http/s only).

    • Use of PAC files.

    • Use of Explicit Proxy.

    • No default Route scenarios.

  • Multiple options to Bypass Traffic via dedicated Public IP:

    • Layer 7 Proxy Bypass to Trusted Web Sites.

    • Layer 4 Routed Bypass: TCP, UDP and ICMP per source/destination Network and Port (UDP/TCP)

  • New! Full Proxy mode for devices with Explicit Proxy settings (i.e. Linux hosts), enabling communications to Zscaler (Location IP based), direct domain Bypass (ie. .domain.com) and communication with internal systems.

  • Zscaler Cloud Firewall and Cloud Web Security.

  • Complete visibility of internal IPs on Zscaler Console.

  • No operational burden for Administrators.

  • Full hardened device.

  • Works behind a NAT.

  • All virtual platforms supported: Vmware, Hyper-V, KVM, Etc. Hardware version available if required.

  • Multiple tools for testing and troubleshooting included: Traffic Logs. TCPDump, Speed Test, MTR (MyTraceRoute), Keepalives statuses, Etc.

  • Allow the internal communication between your locations with Private Cloud Private Access.

  • Management via SSH, AWS Systems Manager, Rundeck or similar. (Ansible, Salt, Etc.)

  • Small OVA instance: 2 CPU, 4 GB RAM, 16 GB Disk