DLP ICAP Requirements

Looking for the latest changes? Changelog.
  • In order to ensure that the Zscaler service can communicate with your DLP server using Internet Content Adaptation Protocol (ICAP), you must configure your firewall to allow the traffic described below.
Service Source Destination Description
TCP/1344 (ICAP) Zscaler Enforcement Nodes (ZEN) on FCC Cloud Customer DLP Server Public IP Traffic sent by the Zscaler service to customer’s public-facing appliance (DLP server or Load Balancer) using ICAP
TCP/11344 (ICAPs) Zscaler Enforcement Nodes (ZEN) on FCC Cloud Customer DLP Server Public IP Traffic sent by the Zscaler service to customer’s public-facing appliance (DLP server or Load Balancer) using ICAPs *

* ICAPs requires a third-party application (s-tunnel or other similar applications) to decrypt the traffic.
 

ZEN IP Addresses on FCC Cloud

Required IP Addresses
104.129.192.118 to 104.129.192.126
165.225.72.138 to 165.225.72.146
199.168.148.90