DLP ICAP Requirements
Looking for the latest changes?
Changelog.
- In order to ensure that the Zscaler service can communicate with your DLP server using Internet Content Adaptation Protocol (ICAP), you must configure your firewall to allow the traffic described below.
| Service | Source | Destination | Description |
|---|---|---|---|
| TCP/1344 (ICAP) | Zscaler Enforcement Nodes (ZEN) on FCC Cloud | Customer DLP Server Public IP | Traffic sent by the Zscaler service to customer’s public-facing appliance (DLP server or Load Balancer) using ICAP |
| TCP/11344 (ICAPs) | Zscaler Enforcement Nodes (ZEN) on FCC Cloud | Customer DLP Server Public IP | Traffic sent by the Zscaler service to customer’s public-facing appliance (DLP server or Load Balancer) using ICAPs * |
* ICAPs requires a third-party application (s-tunnel or other similar applications) to decrypt the traffic.
ZEN IP Addresses on FCC Cloud
| Required IP Addresses |
|---|
| 104.129.192.118 to 104.129.192.126 |
| 165.225.72.138 to 165.225.72.146 |
| 199.168.148.90 |