Professional Documents
Culture Documents
Zscaler SOP
Zscaler SOP
St
ep:1 – Review the ticket for IMACD Approval to have the website
whitelisted and ensure the web URL is mentioned in the request. If
IMACD not found, then route the ticket to Service Desk as
insufficient Info call handling and advise to submit the IMACD.
Step- 2- IMACD must Include the full business justification on why
they need this URL. This will need to be a comprehensive
explanation and generic reasons will be automatically denied.
Step 3- Get the URL link that user wants to access and check in virus
total website whether the URL link is virus free.
Step 4- If the URL link has any viruses inform the user about the same and
to find the alternative solution and resolve the ticket
Step 5- If the weblink is virus free, add it to Zscaler white list as follows:
Go to Zscaler:
https://admin.zscalertwo.net/#dashboard/1
Go to Administration.
If the URL Link is HTTP:
Select URL categories in the resources section.
Search for whitelist in the search tab
Edit the Flowserve-white list link.
Paste the URL domain name begin with the “.” in the
Custom URL section and click Add
Once added, Go to Activation and click activate.
If the URL Link is encrypted with SSL/TLS i.e., https:
HTTPS: URLs using HTTP encrypted by TLS/SSL.
Search for SSL in the search tab and edit the flowserve.ssl
link.
Enter the URL begin with “.” And click add.
If the user still not accessing the URL. Add it to
Flowserve.auth.ssl link and activate.
Step 7: Send mail to the user for confirmation and same update in
the ticket. After confirmation from user resolve the ticket.
a. Open ticket Turn Ticket status to In Progress
and save
b. Then Click on Resolve.
c. Fill the 4 fields listed below Resolution
method/ Closure source/ Resolution/ Status
reason
.
Send mail to the user for confirmation and same update in the
ticket. After confirmation from user resolve the ticket.
a. Open ticket Turn Ticket status to In Progress and save
b. Then Click on Resolve.
c. Fill the 4 fields listed below Resolution method/
Closure source/ Resolution/ Status reason .
Incidence Description: L2SOC03
Flowserve Internet Policy - Whitelist Port Address
Level 1 Ticket Source: CRIM- Unisys Alerts/ User Phone Call/ Email
Support Level: Level 2
Additional Information/Considerations:
User Account naming nomenclature- 500 account- for contractor/ 100 account – for
permanent hire/ CST_underscore account – contract third party account
How Do I Resolve Follow These Steps:
Review daily ticket If the user requires to open/close a port or update a Port for an
list for Queue approved application then, follow below procedure:
Monitored – 1. Policy -> Firewall Control
Security_Global_FL
S
2. Add Firewall Filtering Rule
3. Make rule name containing naming convention
4. If global change leave location blank. If not add the required
sites in locations.
5. Add in Description with Name and Date
7. Add Network Services
8. Name using “Rule Name” – Port
9. Same description as filtering rule
10. Add the port #
11. Save
12. Open Network Services select new rule or hit done.
13. Add in source IP or IP group
15. Save
16. Move above Rule Dropping all Traffic
17. Save and Commit
3. You can change any of the TCP Source Ports, TCP
Destination Ports, UDP Source Ports, or UDP
Destination Ports
4. Click Save and activate the change
Send mail to the user for confirmation and same update in the
ticket. After confirmation from user resolve the ticket.
a. Open ticket Turn Ticket status to In Progress and save
b. Then Click on Resolve.
c. Fill the 4 fields listed below Resolution method/ Closure
source/ Resolution/ Status reason
The device is removed immediately, and the policy
status changes to Removed.
Send mail to the user for confirmation and same update in the
ticket. After confirmation from user resolve the ticket.
a. Open ticket Turn Ticket status to In Progress and save
b. Then Click on Resolve.
c. Fill the 4 fields listed below Resolution method/
Closure source/ Resolution/ Status reason
Incidence Description: L2SOC01
Zscaler Internal error, contact your Administration
Internet access blocked
Service is disabled
Level 1 Ticket Source: CRIM- Unisys Alerts/ User Phone Call/ Email
Support Level: Level 2
Additional Information/Considerations:
User Account naming nomenclature- 500 account- for contractor/ 100 account – for
permanent hire/ CST_underscore account – contract third party account
How Do I Resolve Follow These Steps:
Review daily ticket If the user receives an error message as mentioned then, follow
list for Queue below procedure:
Monitored –
Security_Global_FLS
Step 1- Open notepad > copy this Script and paste it> save this
document at Desktop> name the file as TEST.txt
@echo off
%systemdrive%
cd %windir%\system32\wbem
for /f %%s in ('dir /b *.dll') do regsvr32 /s %%s
wmiprvse /regserver
winmgmt /regserver
Step 2- find the Test.txt file on desktop and rename it as Test.bat (the
icon will change to wheel icon)
Step 3- go to C:\Windows\System32\Wbem
username: .\administrator
Step 7: it will ask for username and password, enter the same as
above. cmd.exe will run, once completed.