ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Remove use of Zscaler

04.24.12   |  
‎04-24-2012 08:46 AM

Hey folks.


I inherited this network, and it was using Zscaler.  The config still points to that, but subscription is no longer valid, so I just need to remove the Zscaler portion.  An suggestions?  Here is a snipped of my config:


set match-group name zscaler_http

set match-group zscaler_http ext-acl 10 match-entry 100

set match-group name vpn-http

set match-group vpn-http ext-acl 20 match-entry 100

set action-group name zscaler_http_gre

set action-group zscaler_http_gre next-interface tunnel.7 action-entry 10

set action-group zscaler_http_gre next-interface tunnel.8 action-entry 20

set action-group name vpn-http

set action-group vpn-http next-interface ethernet0/0 action-entry 10

set pbr policy name zscaler_http_gre

set pbr policy zscaler_http_gre match-group vpn-http action-group vpn-http 5

set pbr policy zscaler_http_gre match-group zscaler_http action-group zscaler_http_gre 10 exit

set interface ethernet0/8 pbr zscaler_http_gre


My apologies if I posted in wrong forum.





ScreenOS Firewalls (NOT SRX)
Accepted by topic author Shifu
‎08-26-2015 01:27 AM

Re: Remove use of Zscaler

04.24.12   |  
‎04-24-2012 09:42 AM

Just removing the last line did it:


unset interface ethernet0/8 pbr zscaler_http_gre


Thanks anyhow...



ScreenOS Firewalls (NOT SRX)

Re: Remove use of Zscaler

05.07.12   |  
‎05-07-2012 01:31 PM

We use Zscaler on many of our remote sites using GRE tunnels.  The last light basically removes the PBR policy from being bound to the interface.  If you care to remove the rest of those entries, you can find them by going to Network | Routing | PBR and remove all entries from Extended ACL, Match Group, Action Group and Policy.  The Policy binding will probably not reference the Zscaler policy since you removed it.