The Cloud Security Connector (CSC) is a device designed for effortless deployment of the Zscaler Internet Access (ZIA) solution in any customer environment. CSC models are readily available for Virtual Platforms such as VMware, Hyper-V, etc., and Public Clouds such as AWS, Azure, and Gcloud, ensuring a smooth setup process.
The CSC GRE for Virtual Platforms empowers you to connect securely to Zscaler ZIA at a blazing speed of up to 3 Gbps, ensuring high security and efficiency without any hassle.
(Please scroll down to download the Administrator Guide for version 4.2.0.)
The Cloud Security Connectors Family
Key benefits of the CSC GRE for Zscaler with PriCPA
The CSC GRE for Virtual Platforms is an "all-in-one" solution for cloud security networking requirements. The CSC solves the connectivity to Zscaler and replaces Azure VPN and NAT Gateways, bringing down your cloud communication costs.
The key benefits are:
Savings:
The CSC reduces communication costs by 80% or more compared to using separate technologies for cloud security networking, such as Azure WAN, Express Connect, NAT Gateways, VPN Gateways, Firewalls, Service Broker Clouds, SD-WAN or MPLS. The CSC replaces all of them.
Reduced TCO
It runs on a small VM: 2 CPU, 4 GB RAM, 16 GB Disk.
Performance and Scalability:
High Performance to Zscaler: up to 3 Gbps.
High Performance for Private Traffic (cloud to cloud, site to cloud): up to 1 Gbps encrypted traffic with Zero Trust.
High Performance for local Outbound Firewall (Advanced NAT Gateway - ex Routed Bypass): 1 Gbps or more.
High Performance for local Proxy Bypass (Standard or Advanced): 1 Gbps.
High Availability:
The CSC can be deployed in cluster mode.
Automatic active/passive cluster switchover.
Automatic configuration of "Floating Public IP" for PriCPA and GRE tunnel.
Simplicity:
No Networking knowledge required.
No operational burden for Administrators.
Networking as code.
We provide the OVA file configured ready to work.
Zscaler auto-provisioning.
Two-step configuration for Private Cloud Private Access: onboard the node to the PriCPA Cloud and deploy policies (single JSON file).
Security:
Fully hardened device.
All private traffic is encrypted using the latest state-of-the-art encryption protocols.
Zero Trust.
Outbound Firewall (Advanced NAT Gateway)
Blocks Lateral movement.
Automatic Security Group provisioning.
Flexibility:
Any to Any Communications: site-to-site, site-to-cloud, cloud-to-cloud.
All protocols are supported.
Visibility:
Traffic Logs and System Logs.
Traffic visibility End to End.
Source IPs preserved.
SNMP Support.
Simple Management:
Local Management: SSH Admin Console with configuration wizards, full status reporting.
Remote Management: No proprietary software required. You can use any change management tool to configure and update the CSC, such as AWS System Manager (SSM agent), Ansible, Rundeck, scripting via SSH or similar.
SNMP v2c and v3 support.
Radius/MFA for SSH Admin Console access.
SIEM/Syslog integration for Traffic and Systems Logs.
TCPDump integrated in the SSH Admin Console.
Linux terminal console allowed (csccli user).
Multiple tools for testing and troubleshooting included: Traffic Logs, TCPDump, Speed Test, MTR (MyTraceRoute), keepalive statuses, etc.
Zscaler Project specific features
The CSC comes with the optimal values to work with Zscaler ZIA.
Full tunnel redundancy.
Zscaler Cloud Firewall and Cloud Web Security.
Complete visibility of internal IPs on Zscaler Console.
All traffic steering options supported:
Route all traffic to Zscaler.
Use of PAC files.
Use of Explicit Proxy.
No default Route scenarios.
Use of ZCC (Zscaler Client Connector) over tunnel.
Multiple options to Bypass Traffic via dedicated Public IP:
Layer 7 Proxy Bypass to Trusted Web Sites.
Layer 4 Routed Bypass: TCP, UDP and ICMP per source/destination Network and Port (UDP/TCP).
Full Proxy mode for devices with Explicit Proxy settings (i.e. Linux hosts), enabling communications to Zscaler (Location IP based, uplink proxy), direct domain Bypass (i.e. .domain.com) and communication with internal systems.