What is the recommended disaster recovery mode for Zscaler Internet Access?

Controlled Fail Open is the recommended mode because it allows users to continue accessing critical business applications defined in a custom DR pack file while maintaining protection against risky or malicious domains during outages, balancing security with operational continuity.

How often should organizations test their ZIA disaster recovery configuration?

Zscaler recommends testing disaster recovery mode at least once every 12 months using the test mode app profile feature to validate that users can only access approved destinations during simulated outages.

Disaster Recovery Configuration for Zscaler Internet Access

Name: Disaster Recovery Configuration for Zscaler Internet Access
Uploaded: 2026-05-26T19:56:52-04:00
Duration: 3 min 20 s
Description: In this video, you will learn about: - The different Disaster Recovery modes that can be configured for ZIA - How to implement and test DR for your users 0:00 Introduction 0:15 Disaster Recovery modes 1:37 Configuring and testing Disaster Recovery Abou...

Zscaler

05/26/2026

0 (0%)

Report Like Favorite

TL;DR

Zscaler recommends configuring disaster recovery for ZIA to maintain secure internet access during Zero Trust Exchange outages, with three available modes: Fail Open, Fail Close, and Controlled Fail Open.
Controlled Fail Open is the recommended approach, allowing policy-based access to critical business applications via a custom DR pack file while blocking risky domains during outages.
DR configuration requires creating DNS activation records, hosting a custom pack file, and establishing manual triggering processes, with annual testing recommended to validate functionality.

Summary

This technical tutorial demonstrates how to configure disaster recovery (DR) for Zscaler Internet Access (ZIA), ensuring business continuity during Zero Trust Exchange outages. The video covers three DR modes: Fail Open (unrestricted internet access with no security), Fail Close (complete internet blocking), and Controlled Fail Open (policy-based access to critical applications). Zscaler recommends the Controlled Fail Open approach, which requires hosting a custom DR pack file that defines allowed destinations during outages. The configuration process involves selecting a DR mode, creating DNS activation records in the ZIA portal, and establishing manual triggering procedures. Organizations should test DR mode at least annually using the test mode app profile feature to validate that users can only access pre-approved destinations during simulated outages. This proactive approach balances security requirements with operational continuity, allowing employees to maintain access to essential business applications while blocking potentially risky domains during service disruptions.

Chapters

0:00 - Introduction to Disaster Recovery
0:15 - DR Mode Options
1:37 - Configuration Steps
2:22 - Testing DR Mode

Key Quotes

0:14 "Zscaler heavily recommends that you configure Disaster Recovery for Zscaler Internet Access, so that we can continue to provide secure access to the Internet for your users, even in the event of a Zero Trust Exchange outage."
1:07 "This is the recommended failover action in most cases, and it will allow your users to continue to use any critical business applications you have defined while the outage is resolved, while continuing to block access to potentially risky or malicious domains."
3:08 "Zscaler recommends that you perform the steps to test Disaster Recovery mode on a regular basis, at least once every 12 months."

Categories:

Tags:

Show more Show less

TL;DR

Summary

Chapters

Key Quotes

Action1: Vulnerability Digest--Patch Tuesday & Other Updates

Understanding the True Costs of DIY Data Classification vs. Buying Solutions

Stay Informed on the Latest Keepit Partner Developments – June 23

Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier