Version 4.0 comes with the following enhancements:
- New! Private Cloud Private Access: PriCPA is a unique functionality of the Cloud Security Connector. PriCPA allows you to create a Private Cloud among all CSCs for private traffic. In a matter of minutes, you can build a full mesh encrypted topology between your locations for private traffic with Zero Trust. After making the Private Cloud, you can set up your policies to define who will talk with whom inside your Private Cloud.
- New! Proxy Bypass Advanced Mode: This functionality was created for servers and devices with Explicit Proxy settings. It provides connectivity to Zscaler (upstream Proxy), DIRECT via local public IP and also connectivity to internal websites.
- New! Traffic Logs: The CSC can send all traffic logs to a Syslog/SIEM server. The Traffic Logs provide visibility of all IP communications to Zscaler, Routed and Proxy Bypasses, PriCPA, and Local received and generated traffic. This functionality is essential to customers with a basic Zscaler Cloud Firewall license.
- New! SNMP support: The CSC can be monitored via SNMP v2c and v3.
- New! Radius integration: You can access the Admin console using your username and authenticating via Radius protocol to a Radius Server.
- New! The "csccli" user can be enabled and configured via the Admin console, allowing terminal access to the CSC using SSH keys.
- New! SSH access can be restricted per Subnet or IP. It applies to the CSC's Internal (eth1) and PriCPA interface. It is not required anymore to set up external security groups.
- New! TCPdump functionality is provided via the Admin console for easy troubleshooting of IP traffic.
- New! Netscanner functionality helps to find internal Apps behind the CSC.
- Base OS upgraded to Ubuntu 22.04
- New! Zscaler API integration for the automatic creation of Static IP, GRE Tunnels, ZEN node Selection and Location on the Zscaler console.
- New! Routed Bypass functionality. Routed Bypass functionality allows to create Layer 4 bypasses when traffic is routed via the CSC's Gateway IP. You can do bypasses per Source/Destination IP/Subnet, protocol TCP or UDP and any port range.
- New! When the CSC switches to the Secondary node, you can decide to remain using the Secondary node (returnToPrimaryTunnel=false) or change back to the Primary node (returnToPrimaryTunnel=true) after 10 minutes of stability of the Primary Tunnel.
- Cloud DNS setting is now AWS DNS (primary) and Google DNS 22.214.171.124 (secondary)
- Some cosmetic changes on Menus.
- Base OS is now Ubuntu 20.04.