Last active
January 18, 2024 19:05
ufw rules to get zscaler working on linux
sudo ufw allow in on zcctun0 proto any from 10.0.0.0/8 to 100.64.0.1 port 9000
sudo ufw allow in on zcctun0 proto any from 100.64.0.0/16 to 100.64.0.1 port 9000
sudo ufw allow in on zcctun0 proto any from 100.64.0.0/16 to 100.64.0.1 port 9010
sudo ufw allow in on zcctun0 proto udp from 100.64.0.0/16 to 100.64.0.1
ok so was trying to connect to a server in 10.0.0.0/8 and it wasn't working, so added another rule:
sudo ufw allow in on tun0 proto tcp from 10.0.0.0/8 to 100.64.0.1 port 9000
Was having issues updating zscaler, saw that apparmor was blocking zscaler, found https://help.zscaler.com/client-connector/resolving-auto-update-issues-zscaler-client-connector-linux-1.2
Had to update the ufw rules as the interface name is now zcctun0, used to be tun0.
This solved the Endpoint FW/AV Error issue I was having on Manjaro with ZScaler 1.4.1.41, thanks!
Works perfectly on Ubuntu 22.04 with ZScaler 1.5.0.37. Thank you!
ok trying to access stuff behind zscaler I see I might be missing other rules 😭
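Because the tunnel interface was renamed from tun0 to zcctun0 between client versions, the four rules from the gist can be generated for whichever interface is present. This is an added example, not part of the original gist or its comments; the function names and the `--print` switch are hypothetical, and the rules themselves are copied from the gist.

```shell
#!/bin/sh
# Added example: emit the gist's ufw rules for whichever tunnel interface exists.
# Interface names come from the page (zcctun0 now, tun0 on older clients).

# Read interface names on stdin (one per line); print the tunnel name to use.
pick_zscaler_iface() {
    found=""
    while IFS= read -r name; do
        name=${name%%@*}                      # drop any "@parent" suffix from ip(8)
        case "$name" in
            zcctun0) found=zcctun0; break ;;  # current name takes priority
            tun0)    found=tun0 ;;            # older name; other VPNs use it too
        esac
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Print the four ufw commands for the given interface (does not run them).
zscaler_ufw_rules() {
    iface=$1
    # Refuse names with shell metacharacters: the output may be piped to a shell.
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    cat <<EOF
ufw allow in on $iface proto any from 10.0.0.0/8 to 100.64.0.1 port 9000
ufw allow in on $iface proto any from 100.64.0.0/16 to 100.64.0.1 port 9000
ufw allow in on $iface proto any from 100.64.0.0/16 to 100.64.0.1 port 9010
ufw allow in on $iface proto udp from 100.64.0.0/16 to 100.64.0.1
EOF
}

# Only touch the live system when asked to with --print.
if [ "${1:-}" = "--print" ]; then
    iface=$(ip -o link show | awk -F': ' '{print $2}' | pick_zscaler_iface) || {
        echo "no zcctun0 or tun0 interface found" >&2; exit 1; }
    zscaler_ufw_rules "$iface"
fi
```

Review the printed commands before running them with sudo; if only tun0 is found, confirm it belongs to Zscaler and not another VPN client before opening ports on it.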