Zscaler Internet Access DBL Configuration Guide
Follow the steps below and then submit a ticket via the Samurai MDR portal.
Access Requirements
Threat data will be pushed using the Zscaler native API with standard HTTPS TCP/443 to your Zscaler cloud instance.
From Zscaler Internet Access Portal:
Once completed you will need to provide specific information to NTT via a ticket in the Samurai MDR portal.
Create a dedicated user with a specific role for NTT
Follow the steps outlined in Zscaler documentation to create an admin role:
Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
Name | Whatever you want, however we suggest: NTT_DBL |
Enable Permissions for Executive Insights | disabled |
Log Limit (Days) | 60 days |
Dashboard Access | View Only |
Reporting Access | Full |
Insights Access | View Only |
Policy Access | Full |
Administrators Access | None |
User Names | Obfuscated |
Device Information | Obfuscated |
Functional Scope | All options disabled (Advanced Settings, Data Loss Prevention, Security, SSL Policy, Virtual Service Edge Configuration, Firewall, DNAT, DNS & IPS, NSS Configuration, Partner Integration, Remote Assistance Management) |
Access Control (Web and Mobile) | Enabled (Policy and Resource Management, Custom URL Category Management, Override Existing Categories, Tenant Profile Management) |
Traffic Forwarding | Disabled |
Authentication Configuration | Disabled |
Table 1: Admin role
Follow the steps outlined in Zscaler documentation to create a user and assign the role:
Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
Login ID | Whatever you want, however we suggest: NTT_DBL |
support@nttsh.zendesk.com | |
Name | Whatever you want, however we suggest: NTT Dynamic Block List |
Role | The role previous created, we suggested*: NTT_DBL* |
Status | Enable |
Scope | As per your organization |
Executive Insights App Access | Disabled |
Comments | What you want |
Security Updates | Disabled |
Service Updates | Disabled |
Product Updates | Disabled |
Password Based Login | Enable (enter password) |
Table 2: Admin user
You will need to share these credentials when raising a ticket with us.
Provide your API base URL and API key
Review the Zscaler documentation to find your Base URL and API Key:
You can also read more information about the Zscaler API at:
You will need this information when raising a ticket with us.
Create a dedicated URL category for the DBL:
Follow the Zscaler documentation:
You need to create two URL categories. Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
Name | Whatever you want, however we suggest: NTT_Block |
URL Super Category | User-Defined |
Administrator Operational Scope | Any |
Custom URLs | example.com (this entry will be removed in the first DBL list retrieval as one value is mandatory for creation) |
Table 3: Custom URL category 1
Field Name | Parameter |
---|---|
Name | Whatever you want, however we suggest: NTT_Notify |
URL Super Category | User-Defined |
Administrator Operational Scope | Any |
Custom URLs | example.com (this entry will be removed in the first DBL list retrieval as one value is mandatory for creation) |
Table 4: Custom URL category 2
Configure URL and Cloud App control
Follow the steps outlined in Zscaler documentation:
Use the following applicable parameters when completing the steps (set other parameters according to your specific configuration):
Field Name | Parameter |
---|---|
Rule Order | 1 (Recommended) |
Rule Name | Whatever you want, however we suggest: NTT DBL |
URL Category | Select the previously created categories, we suggested NTT_Block & NTT_Notify |
Protocol | DNS Over HTTPS, FTP Over HTTP, HTTP, HTTPS, HTTP Proxy, SSL, Tunnel and Tunnel SSL |
Action | Block |
Table 5: URL filtering policy
Configure Monthly Reporting
To enable improvements of DBL we recommend that you schedule monthly reports that are automatically emailed to us.
Follow the steps in the Zscaler documentation, Refer to Copying a Standard Report:
Select the Blocked Web Traffic Overview under Standard Reports - Web Activity to copy
Field Name | Parameter |
---|---|
Report Name | Anything you want, however we recommend ‘NTT_DBL_MonthlyReport’ |
Time Frame | Previous Month |
Table 6: Copy Report
Follow the steps in Zscaler documentation to Schedule the Report:
Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
Schedule Name | Whatever you want, however we suggest: NTT_MonthlyReport_Schedule |
Report | Report previously created, we recommended ‘NTT_DBL_MonthlyReport’ |
Recipients | rtmd_esc-cp@ntt.com |
Status | Enabled |
Frequency | Monthly |
Time zone | Asia/Tokyo |
Table 7: Scheduled Report
Submit a ticket
Now that you have completed all of the steps above you must now submit a ticket via the Samurai MDR portal. Add the following information (created from the steps above) within your request:
Ticket field | Information |
---|---|
Title | DBL Onboarding Request for Zscaler Internet Access |
Description |
|
Submit the ticket and you will hear back from us when onboarding is complete.
Our Dynamic Block List (DBL) configuration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by *raising a ticket in the Samurai MDR portal and we shall get it updated.