Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Disaster Recovery Configuration for Zscaler Internet Access

Zscaler
05/26/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


In this series of short videos, we'll be taking a look at recommendations for forwarding your traffic to the Zero Trust Exchange. This is Part 8, Disaster Recovery. Zscaler heavily recommends that you configure Disaster Recovery for Zscaler Internet Access, so that we can continue to provide secure access to the Internet for your users, even in the event of a Zero Trust Exchange outage. Configuring Disaster Recovery for ZIA is a three-step process. First, you should decide how ZIA should behave when in Disaster Recovery mode. You have the choice of three behaviors. One, Fail Open mode. In this mode, users go directly to the Internet, bypassing ZIA entirely with no security restrictions. This is generally not recommended, as users will not be protected for the duration of the outage. Two, Fail Close mode. If selected, users will have no access to the Internet during Disaster Recovery. This is the most secure option, but is generally not recommended, as it will leave your users unable to work during outages. Third, Controlled Fail Open. This allows the client connector to allow access to destinations based on policy you have defined in a custom Disaster Recovery pack file, which is hosted on your own infrastructure. This is the recommended failover action in most cases, and it will allow your users to continue to use any critical business applications you have defined while the outage is resolved, while continuing to block access to potentially risky or malicious domains. Once this choice is made, the second step of the process is to perform a one-time Disaster Recovery configuration. If you've chosen to go with the Controlled Fail Open mode, configure and host your custom Disaster Recovery pack file that will define what destinations users are allowed access to. Then, pre-create your Disaster Recovery activation DNS records inside the ZIA admin portal. You should make sure to create separate records to activate Disaster Recovery for all users to enter Disaster Recovery test mode and to disable Disaster Recovery. Finally, define your processes for triggering Disaster Recovery mode. Note that triggering Disaster Recovery mode for ZIA is a manual process. The final step is to test Disaster Recovery mode to validate that it works as expected. To do this, create or edit an app profile in the ZCC admin portal and enable the Activate Test Mode setting for that app profile, then assign it to your test users. Then, trigger Disaster Recovery test mode by uploading the test mode DNS record you pre-created to the DNS server for the configured Disaster Recovery domain name. This will trigger Disaster Recovery for users who have the test mode app profile. Verify that these users are only able to access the destinations you configured in your custom Disaster Recovery pack file. Once you have validated this, deactivate DR mode by uploading the Disaster Recovery deactivation DNS record. Zscaler recommends that you perform the steps to test Disaster Recovery mode on a regular basis, at least once every 12 months. That's it for this video. Thanks for watching.

TL;DR

  • Zscaler recommends configuring disaster recovery for ZIA to maintain secure internet access during Zero Trust Exchange outages, with three available modes: Fail Open, Fail Close, and Controlled Fail Open.
  • Controlled Fail Open is the recommended approach, allowing policy-based access to critical business applications via a custom DR pack file while blocking risky domains during outages.
  • DR configuration requires creating DNS activation records, hosting a custom pack file, and establishing manual triggering processes, with annual testing recommended to validate functionality.

Summary

This technical tutorial demonstrates how to configure disaster recovery (DR) for Zscaler Internet Access (ZIA), ensuring business continuity during Zero Trust Exchange outages. The video covers three DR modes: Fail Open (unrestricted internet access with no security), Fail Close (complete internet blocking), and Controlled Fail Open (policy-based access to critical applications). Zscaler recommends the Controlled Fail Open approach, which requires hosting a custom DR pack file that defines allowed destinations during outages. The configuration process involves selecting a DR mode, creating DNS activation records in the ZIA portal, and establishing manual triggering procedures. Organizations should test DR mode at least annually using the test mode app profile feature to validate that users can only access pre-approved destinations during simulated outages. This proactive approach balances security requirements with operational continuity, allowing employees to maintain access to essential business applications while blocking potentially risky domains during service disruptions.

Chapters

0:00 - Introduction to Disaster Recovery
0:15 - DR Mode Options
1:37 - Configuration Steps
2:22 - Testing DR Mode

Key Quotes

0:14 "Zscaler heavily recommends that you configure Disaster Recovery for Zscaler Internet Access, so that we can continue to provide secure access to the Internet for your users, even in the event of a Zero Trust Exchange outage."
1:07 "This is the recommended failover action in most cases, and it will allow your users to continue to use any critical business applications you have defined while the outage is resolved, while continuing to block access to potentially risky or malicious domains."
3:08 "Zscaler recommends that you perform the steps to test Disaster Recovery mode on a regular basis, at least once every 12 months."

Categories:
  • » Cybersecurity » Zero Trust
  • » Webinar Library » Zscaler
  • » Cybersecurity » Cloud Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • SASE
  • SSE
  • Cloud Security
  • Technical Deep Dive
  • How-To
  • Best Practices
  • Disaster Recovery
  • Business Continuity
  • Zero Trust Exchange
  • ZIA Configuration
  • Failover Modes
  • DNS Management
  • Security Policy
  • Client Connector
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Disaster Recovery Configuration for Zscaler Internet Access

              Upcoming Webinar Calendar

              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Effective Data Privacy and Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                14

                Crafting a Championship-Worthy Security Team for Unmatched Defense

                07/14/202601:00 PM ET
                • Jul
                  14

                  Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                  07/14/202602:00 PM ET
                  • Jul
                    21

                    Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                    07/21/202604:00 AM ET
                    • Jul
                      22

                      Insights and Strategies for Effective Data Privacy and Protection

                      07/22/202606:30 AM ET
                      • Jul
                        22

                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                        07/22/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version