Usage guide: Zscaler troubleshooting

Introduction

This library pack will help you monitor, manage, and enhance the Zscaler experience across your landscape to ensure employees can access all their Zscaler functionalities and connect effectively without frustration. This page will guide you through the structure of the content and how it can be used.

Please keep in mind this is a guide and represents just some of the potential insight and actions you can take. There are many use cases and specific troubleshooting scenarios that you might uncover in your environment.

Ensure you library pack is properly configured by following the steps highlighted in its configuration guide:

Configuration guide: Zscaler troubleshooting

Pack structure

Visibility

The "Zscaler troubleshooting" live dashboard acts as the starting point of this library pack. It provides visibility into your Zscaler landscape to easily monitor and uncover any issues and/or areas of improvement.

Additional visibility into the overall health and reliability of the web and desktop client can be accessed from your Applications module using the Zscaler and Zscaler network applications.

Advanced troubleshooting and remediation

For more in-depth investigations, you can rely on the results of specific data-gathering remote actions.

Get Zscaler status: The remote action reports the statuses listed below.

  • Running - This output shows whether Zscaler is currently running or not on the endpoint

  • ZNW_state - Zscaler Client Connector network state of device (indicates that the device is connected to a trusted network or an untrusted network)

  • ZPA_state - Zscaler Private Access connection state of device (Indicates that the device is either connected or not connected to ZPA)

  • ZWS_state - Zscaler Workload Segmentation state of the workload protection service (Indicates that the ZWS service is either active or inactive).

This data-gathering remote action is used to populate the live dashboard and should already be scheduled. You can query the results by investigating KPIs from the Live dashboard or from your own investigations.

The “Devices with Zscaler Not Running” KPI widget on the “Zscaler Troubleshooting” dashboard reports devices where the Zscaler service is not running. If the Zscaler service is detected as not running, execute the “Start Zscaler” remote action:

  • Start Zscaler: Creates a scheduled task on the target system to start the Zscaler main service (ZSAService) in a given time provided by the input parameter TaskSchedulerTimeDelay (60 to 3600 seconds).

The "Start Zscaler - Notification" campaign is used with its RA to notify users of the that Zscaler is starting and that they may need to re-authenticate.

Use cases

Identify areas of improvement

In the dashboard's Overview tab, you can access a helicopter view of where you might have problematic areas. Based on this information, you can navigate to the respective tab to troubleshoot in more detail.

The filters above the dashboard can help you focus your visibility on a specific area, device or platform type. The time picker can also be used to look at your data on more granular or longer-term time scale.

Troubleshoot Zscaler connectivity issues

The dashboard's connectivity tab identifies potential connectivity issues. This information can be used to inform support teams and to assist in making appropriate decisions, such as upgrading Zscaler older versions before analyzing any other root causes of poor connectivity.

Trend information is displayed on a line chart to help track improvements over time to see if any taken actions have been effective.

The Zscaler network application is designed to analyze connectivity health and traffic. It allows for detailed examination of individual destination domains and ports to assess performance. In this example, the domain zscloud.net and port 443 are selected as the destination, which handles the majority of Zscaler tunneled data. Monitoring the connectivity health of this segment of the network is particularly important.

Ensure a stable Zscaler landscape

The dashboard stability tab provides widgets to inform you about the various errors your Zscaler Client Connector is facing within your landscape. An overview of some of the more common errors is provided, but a general view of Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) is provided at the top for quick viewing. For more information about Zscaler Client Connector errors, consult the official documentation here.

The Zscaler desktop application offers valuable insights into the stability of the system. It reports on crashes and the health of Zscaler binaries, providing detailed information that can be further analyzed. This data can be leveraged for in-depth investigations using e.g. binary profiling product feature.

Manage compliance

We suggest updating Zscaler to the latest version available whenever possible to reduce vulnerability to security issues or exposure to bugs.

The Compliance tab of the dashboard provides information regarding various versions of the ZSA Service running within your landscape and its distribution across regions and operating systems. One of the essential widgets on this tab is the “Devices with unsupported Zscaler versions” KPI. This KPI returns the number of devices whose ZSA Service version is below currently supported version. It is imperative that the “Devices with unsupported Zscaler versions“ KPI be updated to filter for newly unsupported versions. You can find out more about supported versions here.


RELATED TOPICS

Last updated