Zscaler Internet Access DBL Configuration Guide

Follow the steps below and then submit a ticket via the Samurai MDR portal.

Access Requirements

Threat data will be pushed to your Zscaler cloud instance using the Zscaler native API over standard HTTPS (TCP/443).

From Zscaler Internet Access Portal:

Once completed you will need to provide specific information to NTT via a ticket in the Samurai MDR portal.

Create a dedicated user with a specific role for NTT

Follow the steps outlined in Zscaler documentation to create an admin role: 

Use the following parameters when completing the steps:

| Field Name | Parameter |
| --- | --- |
| Name | Whatever you want, however we suggest: NTT_DBL |
| Enable Permissions for Executive Insights | Disabled |
| Log Limit (Days) | 60 days |
| Dashboard Access | View Only |
| Reporting Access | Full |
| Insights Access | View Only |
| Policy Access | Full |
| Administrators Access | None |
| User Names | Obfuscated |
| Device Information | Obfuscated |
| Functional Scope | All options disabled (Advanced Settings, Data Loss Prevention, Security, SSL Policy, Virtual Service Edge Configuration, Firewall, DNAT, DNS & IPS, NSS Configuration, Partner Integration, Remote Assistance Management) |
| Access Control (Web and Mobile) | Enabled (Policy and Resource Management, Custom URL Category Management, Override Existing Categories, Tenant Profile Management) |
| Traffic Forwarding | Disabled |
| Authentication Configuration | Disabled |

Table 1: Admin role

Follow the steps outlined in Zscaler documentation to create a user and assign the role:

Use the following parameters when completing the steps:

| Field Name | Parameter |
| --- | --- |
| Login ID | Whatever you want, however we suggest: NTT_DBL |
| Email | support@nttsh.zendesk.com |
| Name | Whatever you want, however we suggest: NTT Dynamic Block List |
| Role | The role previously created, we suggested: NTT_DBL |
| Status | Enable |
| Scope | As per your organization |
| Executive Insights App Access | Disabled |
| Comments | Whatever you want |
| Security Updates | Disabled |
| Service Updates | Disabled |
| Product Updates | Disabled |
| Password Based Login | Enable (enter password) |

Table 2: Admin user

You will need to share these credentials when raising a ticket with us.

Provide your API base URL and API key

Review the Zscaler documentation to find your Base URL and API Key:

You can also read more information about the Zscaler API at:

You will need this information when raising a ticket with us.

Create a dedicated URL category for the DBL:

Follow the Zscaler documentation:

You need to create two URL categories. Use the following parameters when completing the steps:

| Field Name | Parameter |
| --- | --- |
| Name | Whatever you want, however we suggest: NTT_Block |
| URL Super Category | User-Defined |
| Administrator Operational Scope | Any |
| Custom URLs | example.com (this entry will be removed in the first DBL list retrieval as one value is mandatory for creation) |

Table 3: Custom URL category 1

| Field Name | Parameter |
| --- | --- |
| Name | Whatever you want, however we suggest: NTT_Notify |
| URL Super Category | User-Defined |
| Administrator Operational Scope | Any |
| Custom URLs | example.com (this entry will be removed in the first DBL list retrieval as one value is mandatory for creation) |

Table 4: Custom URL category 2

Configure URL and Cloud App control

Follow the steps outlined in Zscaler documentation:

Use the following applicable parameters when completing the steps (set other parameters according to your specific configuration):

| Field Name | Parameter |
| --- | --- |
| Rule Order | 1 (Recommended) |
| Rule Name | Whatever you want, however we suggest: NTT DBL |
| URL Category | Select the previously created categories, we suggested NTT_Block & NTT_Notify |
| Protocol | DNS Over HTTPS, FTP Over HTTP, HTTP, HTTPS, HTTP Proxy, SSL, Tunnel and Tunnel SSL |
| Action | Block |

Table 5: URL filtering policy

Configure Monthly Reporting

To help us improve the DBL, we recommend that you schedule monthly reports that are automatically emailed to us.

Follow the steps in the Zscaler documentation; refer to Copying a Standard Report:

Select Blocked Web Traffic Overview under Standard Reports - Web Activity as the report to copy.

| Field Name | Parameter |
| --- | --- |
| Report Name | Anything you want, however we recommend: NTT_DBL_MonthlyReport |
| Time Frame | Previous Month |

Table 6: Copy Report

Follow the steps in Zscaler documentation to Schedule the Report:

Use the following parameters when completing the steps:

| Field Name | Parameter |
| --- | --- |
| Schedule Name | Whatever you want, however we suggest: NTT_MonthlyReport_Schedule |
| Report | Report previously created, we recommended: NTT_DBL_MonthlyReport |
| Recipients | rtmd_esc-cp@ntt.com |
| Status | Enabled |
| Frequency | Monthly |
| Time zone | Asia/Tokyo |

Table 7: Scheduled Report

Submit a ticket

Now that you have completed all of the steps above, you must submit a ticket via the Samurai MDR portal. Add the following information (created from the steps above) within your request:

| Ticket field | Information |
| --- | --- |
| Title | DBL Onboarding Request for Zscaler Internet Access |
| Description | Zscaler Login ID; Password; Base URL for API; API Key; Update Interval (minimum 10 minutes) |

Submit the ticket and you will hear back from us when onboarding is complete.

Our Dynamic Block List (DBL) configuration guide was accurate at the time of writing, but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a ticket in the Samurai MDR portal and we shall get it updated.