Zscaler Troubleshooting
Overview
Summary
The Zscaler Troubleshooting Library Pack provides insights into the operational status of the Zscaler Client Connector and the ZSAService in your landscape.
Problem
Zscaler is one of the most recognized cloud security providers, securing millions of employees’ access to their applications from their devices. However, Zscaler sometimes silently disconnects and de-authenticates without the user’s knowledge. This results in the user losing access to internal applications.
It is now common for employees to suddenly lose access to their critical business applications without them understanding why. Support teams incessantly face urgent L1 tickets that waste IT and employees’ time.
Solution
Ensure Zscaler is running and connected on all devices in the landscape by monitoring your employees’ Zscaler client connectivity, performance, and ability to authenticate.
With real-time visibility into their current status, you can proactively repair, restart, or re-authenticate Zscaler clients and drastically reduce incoming Zscaler-related tickets.
Key Features
Real-time visibility into Zscaler installations, performance, connectivity, and errors.
Dedicated dashboard to monitor connection failures and network traffic.
A detailed breakdown of ZIA and ZPA service errors preventing successful authentication.
Remote Actions to remotely start Zscaler clients and prompt users to re-authenticate.
Changelog
V1.0.0.0: Initial release
Dependencies
This pack uses two Remote Actions (RA) that should be executed on a schedule:
Get Zscaler Status ( Windows )
Start Zscaler ( Windows )
Pack Structure
Dashboards
This library pack has two default dashboards: Overview, Connectivity, Stability, and Compliance.
Overview
This dashboard provides you with a broad view of your Zscaler landscape. From the top down, you are presented with widgets showing the number of devices facing authentication issues. The employee will lose access to internal applications if Zscaler Client Connector does not authenticate properly.
Devices not forwarding traffic is a problem, as the device's network traffic cannot be secured and inspected for compliance with security and access policies.
Remote Action (RA) insights: It’s essential to know the operational status of this Library packs RA’s hence why this section exists. You can see which devices have failed to execute the Get Zscaler Status and Start Zscaler RA’s. If these RAs fail to execute successfully, then the data in the Library pack will not be accurate.
Connectivity
This dashboard provides high-level insights into the networking performance of devices with Zscaler installed. It should be used to inform an understanding of the context behind any Zscaler-related networking issues.
Stability
The stability dashboard provides widgets to inform you about the various errors your Zscaler Client Connector is facing within your landscape. An overview of some of the more common errors is provided, but a general view of Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) is provided at the top for quick viewing. For more information about Zscaler Client Connector errors, consult the official documentation here.
Compliance
This dashboard provides information regarding various versions of the ZSAService running within your landscape and its distribution across regions and operating systems. One of the essential widgets on this dashboard is the “Devices with unsupported Zscaler versions” KPI_._ This KPI returns the number of devices whose ZSAService version is below 3.8. Any ZSAService with a version below 3.8 is no longer supported. It is imperative that the “Devices with unsupported Zscaler versions“ KPI be updated to filter for newly unsupported versions. You can find out more about supported versions here.
We suggest updating Zscaler to the latest version available whenever possible to reduce vulnerability to security issues or exposure to bugs.
Remote Actions
This library pack depends on the two Remote Actions listed below. Make sure to configure an execution schedule for each of them, as shown. If you need help creating the NQL queries for scheduled tasks, please look at the NQL tutorial.
Get Zscaler Status (Windows only)
a. We recommend executing this RA hourly but feel free to configure the schedule to your needs.
b. As shown in the Gif below, you can define a custom NQL query and RA execution schedule:
a.
b. Here is a snippet of the NQL query used in the gif above. The query simply returns a list of Windows devices. Edit the query as desired:
Start Zscaler (Windows only) a. This RA starts the ZSAService.exe if it is not already running. It will automatically create a scheduled task to start the service and prompt the user through a campaign to notify them of this action. It takes two parameters: Task scheduler time delay and Start Zscaler scheduled campaign ID. The first input determines how many seconds to wait before executing the scheduled task. The second input is the ID of the automatically generated campaign that will inform the user of the scheduled task. b. Use this RA against devices with Zscaler not running.
Last updated