NSS Outbound Connection Requirements
- To ensure that your NSS works correctly in your environment, configure your firewall to allow the outbound connections listed in the following table.
- There is no need to open inbound connections from the cloud.
|Source IP||Destination IP||Service Port||Description|
|NSS Management IP Address||Zscaler Hub IP||443 (TCP)||Download of software updates (HTTPS)|
|NSS Service IP Address||Zscaler Hub IP||443(TCP)||Connectivity with Central Authority|
|NSS Management IP Address||Remote Support IP||12002 (TCP)||
Reverse Tunnel for Remote Support Assistance from Zscaler (This feature is disabled by default, and must be explicitly enabled on NSS. See the Troubleshooting Section in the NSS Guide for usage)1 (SSH)
|NSS IP Addresses||Local Nameserver IP||53 (UDP)||Name Resolution (DNS)|
|NSS Management IP Address||All or Local NTP Server IP||123 (UDP)||
Time sync with NTP Servers. Please refer to the latest NSS Guide for configuring sync with local NTP Server. (NTP)
|NSS Service IP Address||SIEM IP Address||TCP SIEM Listening Port||Realtime log feed to SIEM|
1Remote Support IP 220.127.116.11
Zscaler Hub IP Addresses
|Required IP Addresses|
|Recommended IP Addresses|