<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00007UhX3RCAVOkta Classic EngineAdministrationAnswered2023-09-21T01:40:06.000Z2022-03-09T19:36:19.000Z2022-03-12T20:29:46.000Z

SvcBancsAPITestT.08169 (Customer) asked a question.

March 9, 2022 at 7:36 PM
Network Zones with ZScaler & PRISMA Cloud

I have an application that I restrict access by Group Membership & IP address.

Some of my clients use ZScaler, so if I add their source IPs to the Gateway IP section of the Zone and the ZScaler addresses to the trusted proxy to enforce my policy of GroupMembership not in Zone, Deny policy, that should work. Okta even provides a link to ZScaler IP lists to do this via copy/paste.

 

The issue is when I have clients that use PRISMA.

From what I understand, their IP space is highly dynamic and changes daily, if not more often. Is there a way to set PRISMA as the Trusted Proxy for a specific Zone?

  • 1 answer
  • 860 views
AlexS.13183 likes this.
This question is closed.
Loading
Network Zones with ZScaler & PRISMA Cloud