This message originated from Cribl Community Slack.
Click here to view the original link.
Hey all - Working on configuring our Zscaler Cloud NSS feeds to send over to our cribl.cloud worker groups. Using the zscaler_nss Source but when i enable TLS - the connection breaks (not understanding why). Just need a sanity check that my configuration is proper. The cert is something we established for this use. Maybe something is off on my zscaler side?
Solved
Zscaler NSS Source Connection Breaks When TLS Is Enabled
Best answer by Jon Rust
Try connecting with curl or openssl to test the certs
Try connecting with curl or openssl to test the certs
From what endpoint exactly? Seeing as this is Cloud NSS Feeds flowing to Cribl.Cloud?
endpoint doesn't matter for this test. We just want to validate you have TLS set-up properly
host and port is all that's required
Can you throw me an example of the curl needed?
curl:
curl -v https://ingest-address:portecho "" | openssl s_client -connect ingest-address:port8088 is by default assigned to hec source
did you disable that source?
In Cribl Cloud, Products -> Workspace -> Data Sources shows which ports are assigned to which sources
You can reuse ports, but you need to make sure the originals are turned off
Yeah within the Data sources there isnt anything focused specific to the Zscaler NSS Hec source
yes, expected
This is also the port dictated to use directly from the Zscaler Documentation when deploying a Source in Cribl
you need to define the source and choose an AVAILABLE port to listen on
ok but even when i go to enable TLS and change it all over to 443 - it still wont work
8088 isn't available out of the box. In order to use 8088, you need to disable the existing source that is already using it -- Splunk HEC
you can't use 443
which it is disabled
Choices:
- use one of the ports that is assigned to a default, but DISABLE the default first
- use a port in the range 20000 - 20010
you have that set to 10080?
Thats our ZIA Alerts Source (Which currently works fine)
Right now im working through the Zscaler NSS Source
after adding the zscaler (pic), did you commit and deploy?
So basically you're saying that I can use port 20001 for instance. Configure that on the Z NSS Cloud Feeds making sure it's https and it should work?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.