Zscaler SSE Connectivity-as-a-Service
The new service capability facilitates resilient connectivity from Nile Service Blocks to Zscaler Internet Access (ZIA) service PoPs for customer-selected segments. This enables customers to enhance their security posture and protect users, devices (IT/IoT/OT), and applications from Internet-based threats. The connectivity-as-a-service is fully automated with minimal configuration and eliminates the operational burden of setting up and maintaining the service connectivity. It also helps customers ensure uniform security policies across remote and on-premises users.
Customers interested in forwarding Nile Service Block traffic to Zscaler ZIA first configure their Zscaler account credentials. This is necessary for enabling NSB to fully automate the discovery of the closest Zscaler ZEN PoPs, the provisioning of resilient secure connectivity to Zscaler, and the monitoring of the connectivity service, all without any further configuration. The connectivity service is designed with resiliency built in, ensuring automated service recovery in the event of a failure.
The first step is configuring the Zscaler account credentials so a secure connection to Zscaler's APIs can be established. This can be done by going to Global Settings -> Integrations -> Setup integration with third party solutions -> SSE. Here you name the integration connector, identify Zscaler as the Provider, and enter the other account parameters as shown below.

Once the Zscaler account credentials are added, a test of the API can be performed using the TEST option, prior to saving the account configuration.
Once Zscaler API access is configured, customers can configure security policies that selectively forward traffic from any network segment on the Nile Service Block directly to the Zscaler ZIA service. This is accomplished by going to Global Settings -> Access Engine -> Create Rule -> Create External Rule.
From there, administrators can select any segment for which traffic should be forwarded to ZIA, select All Internet Bound Traffic, and then configure the forwarding behavior in the event that the Zscaler ZIA service becomes unavailable.
Finally, the administrator can specify whether this rule should be Active or Inactive. When activated, any flows originating from the identified segment(s) will be forwarded over the secured IPsec tunnel to Zscaler ZIA. Resiliency in the connectivity-as-a-service is automatically configured to automate recovery in the event of connectivity failure or service unavailability.

