Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Remove use of Zscaler

    Posted 04-24-2012 08:47

    Hey folks.

     

    I inherited this network, and it was using Zscaler.  The config still points to that, but subscription is no longer valid, so I just need to remove the Zscaler portion.  An suggestions?  Here is a snipped of my config:

     

    set match-group name zscaler_http

    set match-group zscaler_http ext-acl 10 match-entry 100

    set match-group name vpn-http

    set match-group vpn-http ext-acl 20 match-entry 100

    set action-group name zscaler_http_gre

    set action-group zscaler_http_gre next-interface tunnel.7 action-entry 10

    set action-group zscaler_http_gre next-interface tunnel.8 action-entry 20

    set action-group name vpn-http

    set action-group vpn-http next-interface ethernet0/0 action-entry 10

    set pbr policy name zscaler_http_gre

    set pbr policy zscaler_http_gre match-group vpn-http action-group vpn-http 5

    set pbr policy zscaler_http_gre match-group zscaler_http action-group zscaler_http_gre 10 exit

    set interface ethernet0/8 pbr zscaler_http_gre

     

    My apologies if I posted in wrong forum.

     

    Thanks,

     

    Shifu



  • 2.  RE: Remove use of Zscaler
    Best Answer

    Posted 04-24-2012 09:43

    Just removing the last line did it:

     

    unset interface ethernet0/8 pbr zscaler_http_gre

     

    Thanks anyhow...

     

    Shifu



  • 3.  RE: Remove use of Zscaler

    Posted 05-07-2012 13:32

    We use Zscaler on many of our remote sites using GRE tunnels.  The last light basically removes the PBR policy from being bound to the interface.  If you care to remove the rest of those entries, you can find them by going to Network | Routing | PBR and remove all entries from Extended ACL, Match Group, Action Group and Policy.  The Policy binding will probably not reference the Zscaler policy since you removed it.