AZ Asia-Pacific - Zscaler Help Centre
All Categories Zscaler Internet Access Ranges & Limitations for Zscaler Configuration

Ranges & Limitations for Zscaler Configuration

Active Directory & OpenLDAP Synchronization

Following are the Active Directory (AD) and OpenLDAP synchronization ranges and limitations.

Feature

Limit

Primary/Secondary Directory Name

255 characters

Authentication Agent URL

1,023 characters

Directory Server Address

1,023 characters

Port

0 - 65535

Bind DN

255 characters

Bind Password

255 characters

Base DN

1,023 characters

User Login

255 characters

User Full Name

255 characters

User Search Filter

1,023 bytes

Department Membership

255 characters

Group Name

255 characters

Group Membership (AD only)

255 characters

Group Search Filter

1,023 bytes

Group Base DN (OpenLDAP only)

255 characters

User Attribute (OpenLDAP only)

255 characters

User Membership (OpenLDAP only)

255 characters

User Entry

1,023 characters

Users/Groups/Departments Search (Synchronization Results)

255 characters

User Authentication Filter

1,023 bytes

Test User Login

255 characters

Test User Password

255 characters

Departments

Following are the department ranges and limitations.

Feature

Limit

Departments per Organization

140,000 departments

Department Name

128 characters

Comments

10,240 KB

Imported Departments per CSV file

3,000 entries

Data Loss Prevention

Following are the Data Loss Prevention (DLP) ranges and limitations.

Feature

Limit

Custom DLP Dictionaries

160 dictionaries

Custom DLP Engines

47 engines

EUNs

Following are the EUN ranges and limitations.

Feature

Limit

Custom Redirect URL

1,023 characters

Notification Message

15,000 bytes

AUP Message

30,000 bytes

URL Categorization Notification

15,000 bytes

Security Violation Notification

15,000 bytes

DLP Violation Notification

15,000 bytes

Caution Notification Text

15,000 bytes

Support Phone Number

20 characters

Policy Link

1,023 characters

IT Support Email

254 characters

Groups

Following are the group ranges and limitations.

Feature

Limit

Group Name

128 characters

Comments

10,240 bytes

Imported Groups per CSV file

3,000 entries

Network Services Groups

121 groups

Network Applications Groups

126 groups

Source IP Address Groups

4,000 groups

Destination Groups (Destination IP or FQDN Groups)

4,000 groups

FQDNs or IP Addresses per Group

8,000 addresses

Locations

Following are the location ranges and limitations.

Feature

Limit

Locations & Sub-locations per Organization

32,000 locations

Sub-locations per Location

2,000 sub-locations

IP Address Ranges per Sub-location

2,000 IP address ranges

Location Name

128 characters

Location State

128 characters

Location Groups per Organization

256 groups

Locations & Sub-locations per Group

32,000 locations

Imported Locations per CSV file

1,000 entries

NSS

Following are the NSS filter feed ranges and limitations.

Feature

Limit

NSS Users per Feed

1,024 users

NSS Departments per Feed

1,024 departments

NSS Locations per Feed

1,024 locations

NSS Clients per Feed

1,024 clients

NSS Threat Names per Feed

1,024 threat names

Organization

Following are the organization ranges and limitations.

Feature

Limit

Address Line 1

10,240 bytes

Address Line 2

10,240 bytes

City/State/ZIP

1,024 bytes

Name/Title/Phone/Alternate Phone

1,024 bytes

Admin Users per Organization

10,000 admins

Admin User Login ID

128 characters

Admin User Email 

254 characters

Admin User Name

256 characters

Admin User Comments

10,240 bytes

Admin User Password

100 characters

ADP Clients

16 clients

Admin Roles

64 roles

Identity Providers

16 identity providers

Other

Following are other ranges and limitations.

Feature

Limit

Source IP and Destination Groups

4,000 groups

     IP Addresses or FQDNs per Group

8,000 addresses

     IP Addresses per Organization

16,000 addresses

Predefined Bandwidth Classes

8 classes

Custom Bandwidth Classes

17 classes

Bandwidth Class Name

128 characters

Time Intervals

64 intervals

GRE Tunnels per ZIA Public Service Edge (both private deployment and cloud)

800 tunnels

Virtual Service Edge Nodes or VZENs per Cluster

16 nodes

Exported Transactions

100,000 entries

Admin Role Name

128 characters

SAML Certificate Filename

128 characters

SAML Certificate Key Name

1,024 characters

Alerts

128 alerts

Alert Definition Comments

10,240 bytes

Alert Subscription Email

254 characters

Restore Point Name

128 characters

Restore Point Description

10,240 bytes

ICAP Name

128 characters

ICAP Receiver URL

1,024 characters

Firewall Network Services

832 services

Network Service Name

255 characters

Network Service Description

1,024 bytes

Auditor Email

254 characters

Admin Audit Log

1,000 entries

SCIM Servers

5 requests/second

PAC File

Following are the PAC file ranges and limitations.

Feature

Limit

Name

255 characters

Description

255 characters

File Size

256 KB

Non-ASCII Characters

The file can contain up to 12% of non-ASCII characters (binary).

Reporting

Following are the reporting ranges and limitations.

Feature

Limit

Interactive Report Name

50 characters

Widget Name

50 characters

Widgets

20 widgets

Favorites per User

50 favorites

Scheduled Report Recipient (i.e., Email address)

254 characters

Export to CSV (Web, Mobile, Firewall, DNS, and Tunnel Insights Logs)

20 requests/hour

Policies

Following are the policy & rule ranges and limitations.

Feature

Limit

Comments

Bandwidth Control Policy Rules per Organization

125 rules

Cloud App Control Policy Rules (per Cloud app Category) per Organization

127 rules

DNS Control Policy Rules per Organization

1,020 rules

NAT Control Policy Rules per Organization

1,023 rules

Firewall Filtering Policy Rules (including DNAT) per Organization

1,021 rules

Source IP/Destination Groups IP Addresses and FQDNs per Organization

16,000 addresses

Destination Groups FQDNs per Organization

5,000 addresses (16,000 addresses with Advanced Cloud Firewall)

Source IP Groups IP Addresses per Rule

8,000 addresses

Destination Groups IP Addresses and FQDNS per Rule

8,000 addresses

Source IP/Destination Groups per Rule

1,000 groups

Service Groups/Application Groups per Rule

1,000 groups

Destination Groups FQDNs per Rule

5,000 addresses

Destination Groups IP Addresses and FQDNs per Group 

8,000 addresses

Destination Groups FQDNs per Group

100 addresses (8,000 addresses with Advanced Cloud Firewall) 

URL Filtering Policy Rules

1,000 rules

Forwarding Policy Rules per Organization

1,023 rules

Third-Party Proxies Rules per Organization

8 rules

Gateways for Third-Party Proxies Rules per Organization

8 rules

ZPA Gateways Rules per Organization

32 rules

All Other Policy Rules (i.e., DLP Policy, File Type Control Policy, IPS Control Policy, SSL Inspection Policy, etc.)

127 rules

All Policy Rule Types:

     Users per Rule

4 users

     Groups per Rule

8 groups 

     Departments per Rule

8 departments

     Locations per Rule

8 locations

     Location Groups per Rule

32 groups

     Rule Labels

1,024 labels

     Times per Rule

8 times

     Comments

10,240 bytes

Some languages use multi-byte characters, so will have fewer characters than bytes.

URL Filtering & Cloud App Control

Following are the URL filtering and cloud app control ranges and limitations.

Feature

Limit

Comments

Custom Keywords (total)

2,048 keywords

Custom Keywords per Category

256 keywords

Keywords retaining parent category per Category

2,048 keywords

Custom URLs/TLDs

25,000 URLs/TLDs

Includes:

  • Custom URLs/TLDs in all URL Categories/TLD Categories

  • Auth Exemption URLs in Advanced settings

  • Blocked URLs in SSL Inspection settings

  • Allowed URLs in FTP Control settings

  • Bandwidth Class Domains

Duplicate URLs/TLDs are counted once.

Do Not Scan Content from these URLs

1,024 URLs

Custom Categories/TLD Categories

64 categories

URLs

253 characters

Tenant Profiles per Rule

16 tenant profiles

Each Cloud App Control Policy rule can have up to 16 tenant profiles associated with it.

Dropbox Team ID

100 team IDs

Each team ID can have up to 64 characters.

Google App Domains

100 domains

Each domain name can have up to 160 characters.

Microsoft Login Services Tenant Directory

250 tenant directories

Each tenant directory can have up to 64 characters.

Microsoft Login Services Office 365 Tenants

250 Office 365 tenants

Each Office 365 tenants can have up to 64 characters.

Slack Your Workspace ID

100 workspace IDs

Each workspace ID can have up to 64 characters.

Slack Allowed Workspace ID

100 workspace IDs

Each workspace ID can have up to 64 characters.

YouTube Channel ID

200 channel IDs

Each channel ID can have up to 100 characters.

YouTube School ID

100 school IDs

Each school ID can have up to 127 characters.

Users

Following are the user ranges and limitations.

Feature

Limit

Users per Organization

1,400,000 users

User Name

128 characters

User Password

255 characters

Groups per User

127 groups by default

Comments

10,240 bytes

Imported Users per CSV file

3,000 entries

User Groups per Organization

140,000 groups

User Temporary Authentication Email

254 characters

VPN Credentials

Following are the VPN credentials ranges and limitations.

Feature

Limit

VPN Credentials per Organization

16,000 credentials

Imported VPN Credentials per CSV file

3,000 entries

User ID (for FQDN and XAUTH authentication types)

256 characters

Pre-Shared Key (for FQDN and IP authentication types)

255 characters

Comments

10,240 bytes