ScreenOS Firewalls (NOT SRX)
Reply
Visitor
Shifu
Posts: 3
Registered: ‎04-24-2012
0
Accepted Solution

Remove use of Zscaler

Hey folks.

 

I inherited this network, and it was using Zscaler.  The config still points to that, but subscription is no longer valid, so I just need to remove the Zscaler portion.  An suggestions?  Here is a snipped of my config:

 

set match-group name zscaler_http

set match-group zscaler_http ext-acl 10 match-entry 100

set match-group name vpn-http

set match-group vpn-http ext-acl 20 match-entry 100

set action-group name zscaler_http_gre

set action-group zscaler_http_gre next-interface tunnel.7 action-entry 10

set action-group zscaler_http_gre next-interface tunnel.8 action-entry 20

set action-group name vpn-http

set action-group vpn-http next-interface ethernet0/0 action-entry 10

set pbr policy name zscaler_http_gre

set pbr policy zscaler_http_gre match-group vpn-http action-group vpn-http 5

set pbr policy zscaler_http_gre match-group zscaler_http action-group zscaler_http_gre 10 exit

set interface ethernet0/8 pbr zscaler_http_gre

 

My apologies if I posted in wrong forum.

 

Thanks,

 

Shifu

Visitor
Shifu
Posts: 3
Registered: ‎04-24-2012
0

Re: Remove use of Zscaler

Just removing the last line did it:

 

unset interface ethernet0/8 pbr zscaler_http_gre

 

Thanks anyhow...

 

Shifu

Contributor
Raj909
Posts: 45
Registered: ‎10-20-2008
0

Re: Remove use of Zscaler

We use Zscaler on many of our remote sites using GRE tunnels.  The last light basically removes the PBR policy from being bound to the interface.  If you care to remove the rest of those entries, you can find them by going to Network | Routing | PBR and remove all entries from Extended ACL, Match Group, Action Group and Policy.  The Policy binding will probably not reference the Zscaler policy since you removed it.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.