Is ZScaler working? Let's find out...

I was recently asked if I could leverage Configuration Manager to verify that the ZScaler Client Connector was not only installed but also working.  Verifying that an application is installed is pretty easy and built into the system.  However, seeing that the client was functioning, and traffic was protected was a much more custom job.  For that, we go to PowerShell.

$site = Invoke-WebRequest http://ip.zscaler.com/

$zscalerstatus = ($site.ParsedHtml.getElementsByTagName('div') | Where-Object{ $_.className -eq 'headline' }).innertext If ($zscalerstatus -like '*accessing the Internet via Zscaler Cloud*') { Write-Output $True } Else { Write-Output $false }

ZScaler provides a website (http://ip.zscaler.com) that you can use to test connectivity and if traffic is flowing through their cloud service or your local gateway.  By using PowerShell to look at that site and parse the text there, we can product a Compliance Item in Configuration Manager to return a Boolean value.  

After deploying this, I found that a user assignment will tell you the most useful information.  You can monitor for non-compliance and know that a user has a client that is not working correctly.  Add in alerting to the deployment and you have a good way to proactively monitor for devices missing a critical security agent on their workstation.