Tag: testing

Hello

In Zscaler Client Connector version 4.8 there is a new useful feature called Device Location Services. It’s quite handy, because in rare cases where the IP-location database is out of sync, the Zscaler brain thinks that your public IP address points to a different region than the one where you really are. This might lead to a situation where you’re in California, but you get mapped to a DC in Atlanta just because your provider started to advertise your network range from Atlanta.
There are many ways to fix this but for the sake of this blog entry let’s limit it to two:
– you raise a ticket to get a so-called Geo override done by network support
– you enable Endpoint Location services (keyword: endPointLocationForDCSelectionVisibility)

To get endpoint location services enabled, you also need to raise a ticket (but only once) to get this feature enabled. After this is done, you can see the option Use Endpoint Location for Zscaler DC Selection in the app profile under Advanced tab:

Let’s see if this actually does anything.
Before enabling it, Zscaler looks at my public IP and will probably think that my location is Warsaw, Poland because of the IP-database mapping.
I’m currently onnected to the London DC because with the ‘test’ zscalerone cloud I don’t actually have a better option.

I then enable the feature and in Zscaler app click on Update Policy.

Let’s make sure that Windows Location services are on:

I can see that Zscaler Client Connector accessed my location just a moment ago.

If I export the ZCC logs, at 18:23:733 there is information about UPDATE_ZIA_GEO_LOCATION. This is good.

…but sadly it’s not working. ZCC fails to get my location and falls back to the IP mapping. At this point I have no idea what i’m doing wrong so I guess it’s time to do some internal investigation.

15 minutes later I realize that I first need to restart the ZCC service on my PC and then finally I see the following log entry with the right coordinates, based on my WiFi (This is very interesting but it’s a topic for a different discussion)

This location is Strzelin, Poland. From now on, the choice of DC will be based on my geographical location and not on my public IP. In this case the difference is about 300km and while to me personally it makes no difference on the zscalerone cloud, if I was on a commercial ‘customer’ cloud, I would probably now get connected to Vienna DC rather than to Warsaw DC.

Finally, I would like to underline that my opinion is that this feature should only be enabled if you cannot change your DC selection in any other way. Treat it like a last-resort thing, because it’s usually better to modify the PAC file (especially if you’re in Europe it’s a good idea to use the country gateway variable) or enable ZIA latency-based Service Edge assignment . Also, even if you’re very far away from a DC (in my case Poland > UK), the chances are that you will get a very good connection to it anyway. However, if you’re in a large country like the US, device location services might be quite useful.