Fine-tune Forward Proxy Configuration with Advanced Settings

Supported Clouds: Commercial Clouds , FedRAMP High , FedRAMP Moderate

We're excited to introduce new configuration options in the Advanced Settings section (Administration > Advanced Settings) of our platform. These options allow you to fine-tune your forward proxy settings to enhance security and optimize DNS resolution.

Block CONNECT Host and SNI Mismatch: Enable this option to block forward proxy connections where the CONNECT host doesn't match the SSL/TLS client hello SNI. This helps prevent potential security risks and ensures a secure connection.

Prefer SNI over CONNECT Host for DNS Resolution: Enable this option to prioritize the SSL/TLS client hello SNI for DNS resolution instead of the CONNECT host for forward proxy connections. This optimization improves performance and efficiency in DNS resolution.

Please note that if you encounter a use case where an upstream proxy includes the IP in the CONNECT host name received by Zscaler, causing a mismatch and blocking traffic, you can enable the Prefer SNI over CONNECT Host for DNS option to address this scenario.

Release notes

Stay updated on new features, bug fixes, and enhancements to optimize your experience.

Read release notes

Help article

Maximize product knowledge and efficiently self-solve issues by reading our helpful and informative articles.

Read help article

Be the first to know the latest innovations

By submitting the form, you are agreeing to our privacy policy.