Zscaler Internet Access – Client Connector Forwarding Modes

The cloud has fostered the evolution of traditional connectivity models to improve the user and application experience. Security is becoming a growing concern as traditional perimeters are disappearing and a Zero Trust approach is essential in today’s security architectures.

Therefore, I would like to share some technical information about the Zscaler Internet Access solution and its available forwarding modes to enforce Internet traffic security.

Next, the list of topics covered in this post:

What is ZIA?
ZIA Benefits
What is Client Connector?
Client connector Forwarding Modes
- Z-Tunnel 1.0
  - Z-Tunnel 1.0 – Routed Mode
  - Z-Tunnel 1.0 – Packet Filtered Mode
- Tunnel with Local Proxy
- Z-Tunnel 2.0
- Enforce Proxy
- None
Client Connector Forwarding Modes: Pros and Cons
Client Connector Forwarding Modes: What to use When

What is ZIA?

ZIA is a cloud-delivered security stack as a service. ZIA is a Secure Internet and Web Gateway delivered from the cloud and offered as a service with in-depth protection.

ZIA Benefits

Some ZIA benefits are:

Always-on, identical protection: by moving security to the cloud, all users and locations get always-on security regardless of location. Security policy goes everywhere users go.
A cloud-ready network platform: direct-internet connections to Zscaler Cloud offers a fast, secure user experience. Reducing backhauling and appliance costs, improving performance and latency, and simplifying network administration.
Defend with the ultimate security stack: a security stack as a service improves protection as multiple technologies expertly work in unison to stop more threats. Delivery as a cloud service enables unlimited inspection capacity, even across SSL. Users and security services scale as needed.

What is Client Connector?

Zscaler Client Connector is a lightweight application that runs on a user’s endpoint device (laptops, smart phones and tablets). Client Connector automatically forwards all user traffic to the closest Zscaler service edge—one of more than 150 around the globe—ensuring that security and access policies are enforced across all devices, locations, and applications. Zscaler Client Connector automatically determines if a user is looking to access the web, a SaaS app, or an internal app, and then routes traffic to the appropriate Zscaler service.

Client Connector Forwarding Modes

Zscaler recommends installing Zscaler Client Connector on users’ devices to protect their web traffic when they are accessing the Internet from an unknown location (remote user).

With Zscaler Client Connector’s Internet security feature, users’ web traffic can be protected even when they are outside the corporate network. The app forwards user traffic to the Zscaler service and ensures that the organization’s security and access policies are enforced wherever they might be accessing the Internet from. The app automatically detects when the user is no longer within the secure network, then automatically creates a connection to the Zscaler service from the unknown location.