This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Zscaler Internet Access DBL Configuration Guide

    Our Dynamic Block List (DBL) configuration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.

    Follow the steps below and then submit an onboarding request raise a request via the Samurai MDR application.

    Access Requirements

    Threat data will be pushed using the Zscaler native API with standard HTTPS TCP/443 to your Zscaler cloud instance.

    From Zscaler Internet Access Portal:

    Once completed you will need to provide specific information to NTT via a ticket in the Samurai MDR application.

    Create a dedicated user with a specific role for NTT

    Follow the steps outlined in Zscaler documentation to create an admin role: 

    Use the following parameters when completing the steps:

    Field NameParameter
    NameWhatever you want, however we suggest: NTT_DBL
    Enable Permissions for Executive Insightsdisabled
     Log Limit (Days)60 days
    Dashboard AccessView Only
    Reporting AccessFull
    Insights AccessView Only
    Policy AccessFull
    Administrators AccessNone
    User NamesObfuscated
    Device InformationObfuscated
    Functional ScopeAll options disabled (Advanced Settings, Data Loss Prevention, Security, SSL Policy, Virtual Service Edge Configuration, Firewall, DNAT, DNS & IPS, NSS Configuration, Partner Integration, Remote Assistance Management)
    Access Control (Web and Mobile)Enabled (Policy and Resource Management, Custom URL Category Management, Override Existing Categories, Tenant Profile Management)
    Traffic ForwardingDisabled
    Authentication ConfigurationDisabled

    Table 1: Admin role

    Follow the steps outlined in Zscaler documentation to create a user and assign the role:

    Use the following parameters when completing the steps:

    Field NameParameter
    Login IDWhatever you want, however we suggest: NTT_DBL
    Emailsupport@nttsh.zendesk.com
    NameWhatever you want, however we suggest: NTT Dynamic Block List
    RoleThe role previous created, we suggested*: NTT_DBL*
    StatusEnable
    ScopeAs per your organization
    Executive Insights App AccessDisabled
    CommentsWhat you want
    Security UpdatesDisabled
    Service UpdatesDisabled
    Product UpdatesDisabled
    Password Based LoginEnable (enter password)

    Table 2: Admin user

    You will need to share these credentials when raising a ticket with us.

    Provide your API base URL and API key

    Review the Zscaler documentation to find your Base URL and API Key:

    You can also read more information about the Zscaler API at:

    You will need this information when raising a ticket with us.

    Create a dedicated URL category for the DBL:

    Follow the Zscaler documentation:

    You need to create two URL categories. Use the following parameters when completing the steps:

    Field NameParameter
    NameWhatever you want, however we suggest: NTT_Block
    URL Super CategoryUser-Defined
    Administrator Operational ScopeAny
    Custom URLsexample.com (this entry will be removed in the first DBL list retrieval as one value is mandatory for creation)

    Table 3: Custom URL category 1

    Field NameParameter
    NameWhatever you want, however we suggest: NTT_Notify
    URL Super CategoryUser-Defined
    Administrator Operational ScopeAny
    Custom URLsexample.com (this entry will be removed in the first DBL list retrieval as one value is mandatory for creation)

    Table 4: Custom URL category 2

    Configure URL and Cloud App control

    Follow the steps outlined in Zscaler documentation:

    Use the following applicable parameters when completing the steps (set other parameters according to your specific configuration):

    Field NameParameter
    Rule Order1 (Recommended)
    Rule NameWhatever you want, however we suggest: NTT DBL
    URL CategorySelect the previously created categories, we suggested NTT_Block & NTT_Notify
    ProtocolDNS Over HTTPS, FTP Over HTTP, HTTP, HTTPS, HTTP Proxy, SSL, Tunnel and Tunnel SSL
    ActionBlock

    Table 5: URL filtering policy

    Configure Monthly Reporting

    To enable improvements of DBL we recommend that you schedule monthly reports that are automatically emailed to us. 

    Follow the steps in the Zscaler documentation, Refer to Copying a Standard Report:

    Select the Blocked Web Traffic Overview under Standard Reports - Web Activity to copy 

    Field NameParameter
    Report NameAnything you want, however we recommend ‘NTT_DBL_MonthlyReport
    Time FramePrevious Month

    Table 6: Copy Report

    Follow the steps in Zscaler documentation to Schedule the Report:

    Use the following parameters when completing the steps:

    Field NameParameter
    Schedule NameWhatever you want, however we suggest: NTT_MonthlyReport_Schedule
    ReportReport previously created, we recommended ‘NTT_DBL_MonthlyReport
    Recipientsrtmd_esc-cp@ntt.com
    StatusEnabled
    FrequencyMonthly
    Time zoneAsia/Tokyo

    Table 7: Scheduled Report

    Raise a Request

    Now that you have completed all of the steps above you must now raise a request via the Samurai MDR application. Add the following information (created from the steps above) within your request:

    Ticket fieldInformation
    TitleDBL Onboarding Request for Zscaler Internet Access
    Description
    • Zscaler Login ID
    • Password
    • Base URL for API
    • API KeyUpdate Interval (minimum 10 minutes)

    Submit the ticket and you will hear back from us when onboarding is complete.