Dear Community,as we need to support many customers via VPN, I often have to deal with setting rules,to allow VPN Clients to connect to remote sites from inside our network.Always easy until now:A customer came up with the Zscaler Client and I wasn't able to make settings for this connection to my satisfaction.I only get it working, when I disable Pharming Protection, which is not what I want !Here the Details:Regarding, what I can see on the Web Filter Log, Zscaler seems to connect in two stages- first it connects to the Zscaler endpoint at the customer's site and promts me to login- when this is done, it tries to connect to some URL of the Zscaler infrastructure "https://driv.com.c2.prod.zpath.net/"
And that's where the UTM (V 9.605-1) breaks it.The URL seems to be some kind of "virtual URL", which is not resolvable.Even an online DNS lookup delivers no result.So Web Filtering blocks the attempt of the Client, to contact this URL with the error "Host not found"Now it would be nice, to simply disable the URL check for this very URL.
But no matter what exception or bypass I define in the Web Filter Rules - block action takes part before regarding any exclusions.The only way, to get around is, to disable Pharming Protection.To me this is no real solution, as I totally disable a security feature, instead of configuring an exception just for this URL.The issue is similar to the behaviour described in this thread
Any ideas how to resolve this issue are highly appreciatedBest Regards RanX
Guessing why Pharming Protection is a problem:
With Pharming Protection on:
Good Morning Douglas !The second part of the description is not completely correct.I also don't know, why it was marked as answer.It only describes the behaviour but does not provide a solution, to get around this.But to give a general description, of what happens in my case and in the thread I referred to ("snapchat is blocked")With Pharming Protection on:
The only way to resolve this, would be, to somehow exclude these URLs from Pharming Protection.But at present, I did not find any method to accomplish this.
So either there is a way I've overseen or if this is a feature, which is still missing in Pharming Protection.Best RegardsRanX
Doug is right - there's nothing you can do other than disable pharming protection. I've done that at many client sites. An Exception is a good suggestion. You might mention it at Ideas and then come back here and provide a link to it.
Cheers - Bob