Virtual ZEN Requirements
Looking for the latest changes?
Changelog.
- To ensure that your Virtual ZEN works correctly in your environment, configure your firewall to allow the outbound connections listed in the following table.
- There is no need to open inbound connections from the cloud.
| Source IP | Destination IP | Service Port | Description |
|---|---|---|---|
| VZEN IP Addresses | Zscaler Hub IP | 9422 (TCP) | Authentication and Policy Retrieval |
| VZEN IP Addresses | Zscaler Hub IP | 443 (TCP) | Download of software updates |
| VZEN IP Addresses | Zscaler Hub IP | 9431 (TCP) | Log transmission to Zscaler Nanolog for Analytics |
| VZEN IP Addresses | Zscaler Hub IP | 9442 (TCP) | VZEN Network configuration download |
| VZEN IP Addresses | Remote Support IP | 12002 (TCP) | Reverse Tunnel for Remote Support Assistance from Zscaler (This feature is disabled by default, and must be explicitly enabled on the Virtual ZEN. See the Troubleshooting Section in the Virtual ZEN Guide for usage)1 |
| VZEN IP Addresses | Local Nameserver IP | 53 (TCP/UDP) | Name Resolution |
| VZEN IP Addresses | All or Local NTP Server IP | 123 (UDP) | Time sync with NTP Servers. Virtual ZEN is extremely sensitive to VM and the cloud times being in sync. Please refer to the latest Virtual ZEN Guide for configuring sync with local NTP Server. |
| VZEN Proxy IP Address | Any | Any | Outbound Proxy/Firewall/Traffic Forwarding For Protected Traffic |
1Remote Support IP 199.168.148.101
VZEN IP Addresses refers to Proxy IP, Mgmt IP and the LB IP.
Virtual ZEN Inbound Connection Requirements
- No inbound connections from Zscaler cloud required.
| Source IP | Destination IP | Service Port | Description |
|---|---|---|---|
| Local Network | VZEN Management IP | 22 (TCP) | Shell access to the Virtual ZEN |
| Local Network | VZEN Cluster IP or VZEN Proxy IP | 80, 443, 8800, 9400, 9443, 9480, Organization Dedicated Port (TCP) or GRE Tunnel | Traffic forwarding into VZEN. Use Cluster IP for cluster mode and VZEN Proxy IP for Standalone mode |
Zscaler Hub IP Addresses
| Required IP Addresses | |
|---|---|
| 165.225.44.192/24 | 165.225.75.0/24 |
| 104.129.202.0/24 | 165.225.108.0/24 |
| 8.25.203.0/24 | 27.251.211.238/32 |
| 216.52.207.64/26 | 213.152.228.0/24 |
| 64.74.126.64/26 | 70.39.159.0/24 |
| 72.52.96.0/26 | 89.167.131.0/24 |
| 104.129.192.0/23 | 104.129.194.0/23 |
| 104.129.196.0/23 | 185.46.212.0/22 |
| 199.168.148.0/24 | 165.225.72.0/22 |
| 199.168.149.0/24 | 199.168.150.0/24 |
| 199.168.151.0/24 | 209.51.184.0/26 |
| 216.218.133.192/26 | |
| Recommended IP Addresses |
|---|
| 104.129.192.0/20 |
| 165.225.0.0/17 |
| 165.225.192.0/18 |
| 199.168.148.0/22 |
165.225.44.192/24
165.225.75.0/24
104.129.202.0/24
165.225.108.0/24
8.25.203.0/24
27.251.211.238/32
216.52.207.64/26
213.152.228.0/24
64.74.126.64/26
70.39.159.0/24
72.52.96.0/26
89.167.131.0/24
104.129.192.0/23
104.129.194.0/23
104.129.196.0/23
185.46.212.0/22
199.168.148.0/24
165.225.72.0/22
199.168.149.0/24
199.168.150.0/24
199.168.151.0/24
209.51.184.0/26
216.218.133.192/26
104.129.192.0/20
165.225.0.0/17
165.225.192.0/18
199.168.148.0/22