This article provides an overview of leveraging the Zscaler captive portal with Cloudi-Fi in three ways.
Overview
Leveraging Zscaler ZIA with Enhanced Authentication
For existing Zscaler customers, the guest network is usually secured by the tenant, but authentication is not done or done locally on the network. Consequently, not all guests are identified in Zscaler, and only one policy is applied to all traffic (daily guests, consultants, and BYOD). To leverage Zscaler ZIA, it is necessary to configure GRE/IPSEC redundant tunnels on the router/firewall/SD-WAN device.
Cloudi-Fi expands Zscaler's authentication capabilities, enabling it to authenticate and securely manage all users and devices, including BYOD (Bring Your Own Device) and IoT (Internet of Things). This also includes the guest authentication flow.
Customizable Time and Duration Settings for Zscaler Security Policies
With the captive portal, guests can be profiled based on their authentication method. Different policies can be applied to daily guests, consultants, employees, and directory groups in Zscaler. Security policies, along with time and duration settings, can be configured for each profile.
Manage compliance for your captive portal deployed on Zscaler
In numerous countries, retaining Internet logs for a designated period and associating them with the respective users is mandatory. The correlation of authentication and Internet logs is required for government request processing, and all logs are securely hosted in the cloud.
By correlating authentication logs from Cloudi-Fi and pseudonymized Internet logs from Zscaler, administrators can utilize the Cloudi-Fi administration interface and the "Visits" menu for this purpose. Access to this menu should be restricted to a select few administrators with appropriate administration profiles.
What’s next?
This table provides an overview of four distinct configurations, each with various implications regarding setup and licensing.
| Solution matrix | 1. Deployment with a dedicated Zscaler Tenant | 2. Deployment with your existing Zscaler Tenant | ||
| 2.1. Full integration | 2.2. Only location integration | 2.3. Manual integration | ||
| Setup complexity | Easy | Medium | Hard | Hard |
| Deployment of a new site | Easy | Medium | Medium | Hard |
| Documentation | HERE | HERE | HERE | On demand to Cloudi-fi Support |
For more information about our solutions integrated with Zscaler, including a how-to video and a comprehensive solution brief, please visit our partner page.