Sold by: Zscaler, Inc.
Deployed on AWS
ZPA Connectors provide the secure authenticated interface between a customer's servers and the Zscaler Private Access cloud.
App Connectors can be deployed in several forms. Zscaler distributes a standard virtual machine (VM) image for deployment in enterprise data centers, local private cloud environments such as VMware, or public cloud environments such as Amazon Web Services (AWS) EC2. Additionally, Zscaler provides packages that can be installed on supported Linux distributions.
Connectors can be co-located with your enterprise applications, or they can be deployed in any location that has connectivity to the applications. Typically, they are deployed on network segments that can access secured applications and the ZPA cloud simultaneously, such as in a DMZ. Connectors only connect outbound; they do not need any inbound open ports to operate correctly.
4.5
Overview
The Zscaler Private Access (ZPA) service enables organizations to provide access to internal applications and services while ensuring the security of their networks. ZPA is an easier to deploy, more cost-effective, and more secure alternative to VPNs. Unlike VPNs, which require users to connect to your network to access your enterprise applications, ZPA allows you to give users policy-based secure access only to the internal apps they need to get their work done. With ZPA, application access does not require network access.
While ZPA is for connecting users to an enterprise's internal applications, Zscaler Internet Access (ZIA) is for connecting users to public applications on the internet. To learn more about ZIA architecture, see About the ZIA Cloud Architecture.
Additionally, ZPA decouples applications from the physical network so you can provide seamless connectivity to private internal applications and assets whether they are in the cloud, the data center, or both. It also adjusts dynamically to network changes, so you can move your resources without impacting user access.
You can configure settings and policies on a central ZPA Admin Portal, which also feature dashboards where you can see your users and the apps they access, and monitor the health of your servers and resources. You can configure ZPA to automatically discover servers and applications when users request them, or you can configure them manually as well. You then define policies that specify which apps users or groups can use, and ZPA allows them to connect to those apps only. ZPA renders your applications invisible to all but the authorized users and unroutable to anyone.
Like all Zscaler offerings the ZPA service is based on Zscaler's global cloud platform. So, there is no requirement for additional hardware or upgrades to existing hardware.
Highlights
- Zscaler Client Connector: Installed on your users' devices, the Zscaler Client Connector connects to the ZPA cloud to enable granular, policy-based access to your organization's internal resource.
- App Connectors: Lightweight virtual machines (VM) that are installed in the data centers that host your servers and applications. They connect to ZPA Public Service Edges or ZPA Private Service Edges only to provide users access to applications in your data center, and do not accept inbound connections.
- Global Zscaler Cloud: Stitches all components together. The Central Authority (CA) provides a central location for software updates as well as policy and configuration settings. The ZPA Public Service Edges or ZPA Private Service Edges enforce user policies and provides secure transport to the App Connectors.
Details
Sold by
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Rhel 9
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
For Release notes please access this link: https://help.zscaler.com/zpa/documentation-knowledgebase/release-notes/zpa-app-connector-release-notes
Additional details
Usage instructions
In order to acquire a license key for this product, please contact us via our web form here: https://www.zscaler.com/company/contact .
Once complete, you may access the User Interface of the Zscaler Cloud Portal by accessing this link here: https://admin.zscaler.net/ . If not completed prior, you will be promoted to create an Admin account for your Zscaler Cloud Portal.
Utilizing the login you created, you may now utilize the Zscaler Cloud Portal to access your Zscaler management console where you will be able to manage and deploy new products on AWS, or other locations.
For ZPA Connector AWS Deployment see the below:
Update the Security Group associated to the App Connector to temporarily allow inbound access on port 22, then complete the following steps to connect to the instance.
SSH access is required in order to configure the provisioning key for the App Connector. See instructions: https://help.zscaler.com/zpa/connector-deployment-guide-amazon-web-services#security
Log in to the App Connector console using your AWS Private Key (i.e., a .pem file).
SSH access is enabled by default on AWS App Connectors, so there is no need to enable the service manually.
Using a standard SSH client, enter the following command to connect to the AWS instance: ssh -i <AWS Private Key> admin@<App Connector Public Hostname or IP Address>
For example, the private key for the AWS instance is AWS.pem and the App Connector IP address is 35.160.130.25: ssh -i AWS.pem admin@35.160.130.25
Support
Vendor support
Zscaler global support is available around the clock, with dedicated customer support engineers providing personalized assistance to ensure that customers are getting the most value from our products. Our support engineers have significant experience in networking and security, working closely with operations, sales, and engineering teams to ensure rapid response and resolution.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Zscaler Private Access (ZPA) Network Connectors provide a secure authenticated interface between remote network segments and the ZPA cloud, and help enable end-to-end secure remote access. Network Connectors are part of the VPN (for Legacy Apps) solution and build the inside-out tunnel to VPN Service Edges and ZPA Public Brokers. You can deploy Network Connectors in two forms:
A standard virtual machine (VM) image for deployment in datacenter and campus remote sites.
AMI images for Amazon Web Services (AWS) EC2 and VM images for Microsoft Azure.
Additionally, Zscaler provides packages that you can install on RHEL (9.x) Linux distributions. Network Connectors allow seamless connectivity to specific network segments and can be deployed in any location that has connectivity to the ZPA cloud. Like App Connectors, Network Connectors connect outbound only and do not require inbound open ports for operation.
Private Cloud Controllers allow users to continue to access applications during ZPA-related cloud outages or internet service provider (ISP) outages. Business Continuity helps organizations achieve uninterrupted access to applications without any manual intervention.
Private Cloud Controllers can be deployed in several forms. Zscaler distributes a standard virtual machine (VM) image for deployment in enterprise data centers, local private cloud environments such as VMware, or public cloud environments such as Amazon Web Services (AWS), Microsoft Azure Cloud, or Google Cloud Platform. Additionally, Zscaler provides packages that can be installed on supported Linux distributions. Typically, the VM images are deployed on network segments that can access the ZPA cloud and accept inbound connections on port 443 simultaneously, such as in a DMZ. Private Cloud Controllers require inbound 443 and outbound 443 connections to be open.
Enabled by the Zscaler Zero Trust Exchange (ZTE), Zscaler Cloud Connector is a virtual machine (VM) that simplifies traffic forwarding to Zscaler services. It extends the capabilities of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) to cloud-native workloads, which allows enterprises to secure cloud workload communications over any network.
The ZTE enables workloads to communicate with each other and have a granular security policy applied. The communication may be from private workloads (i.e., IaaS, physical data center) to public workloads (i.e., SaaS/internet), or between private workloads (i.e., IaaS to IaaS, IaaS to physical data center).
Zscaler Integrations MCP Server makes it simple to integrate natural language into API calls for configuration, monitoring, and automation. By unifying how teams access and manage services, Zscaler Integrations MCP Server reduces complexity, improves security, and accelerates innovation, helping enterprises streamline operations at scale.
Customer reviews
Toka M.
Secure Per‑App Access, But Less Control and Harder Troubleshooting
Reviewed on Apr 09, 2026
Review provided by G2
What do you like best about the product?
The best thing about ZPA is that it removes the concept of being on the network entirely and replaces it with secure, direct, per app access. “invisible infrastructure” idea is a major shift
What do you dislike about the product?
You gain strong security and simplicity but give up some control, performance consistency, and ease of troubleshooting. Some users even report occasional connection drops or outages impacting access.
What problems is the product solving and how is that benefiting you?
ZPA is solving this core problem:
Old security assumes users inside the network are trusted. Modern reality proves that’s dangerous. Benefit to me for this reason:
Safer access
Simpler experience
More flexibility
Less risk of major breaches
Old security assumes users inside the network are trusted. Modern reality proves that’s dangerous. Benefit to me for this reason:
Safer access
Simpler experience
More flexibility
Less risk of major breaches
Betül B.
Seamless Security Without VPN Hassle
Reviewed on Apr 08, 2026
Review provided by G2
What do you like best about the product?
I like how simple and seamless Zscaler Private Access is. There's no VPN hassle for users, and from our side, it's easy to control access. It just works without getting in the way. The app-level access control is the most valuable for us, as being able to define exactly who can access which application keeps things really clean and secure. We also rely a lot on the client connector, as it makes the whole experience seamless. The initial setup of Zscaler Private Access was very easy, which is a big plus.
What do you dislike about the product?
Troubleshooting can be a bit tricky, and the initial setup isn’t the most intuitive. Occasionally, we also run into small connectivity issues with some apps. Clearer error messages and a simpler troubleshooting dashboard would help, plus more consistent app connectivity.
What problems is the product solving and how is that benefiting you?
I use Zscaler Private Access to give remote users secure access to apps without a traditional VPN, solving issues with broad network access and performance. It’s simple, seamless, and easy to control, letting us define who can access each app, making it secure and clean.
Telecommunications
Easy to Install and Manage Overall
Reviewed on Apr 07, 2026
Review provided by G2
What do you like best about the product?
The installation process of Zscaler is quite simple, and its integration for both Windows and MacOs is perfect. User interface is also quite easy to navigate and manage.
What do you dislike about the product?
The number of features that are available for the end user to change the behavior of Zscaler is quite limited. And customer support is not always fast when having connectivity issues.
What problems is the product solving and how is that benefiting you?
The main problem it is solving is the secure connectivity to corporate network and cloud resources as well as access to labs remotely. It enables me to work from anywhere
Çagla .
Reliable Remote Access with a Learning Curve
Reviewed on Apr 06, 2026
Review provided by G2
What do you like best about the product?
I used Zscaler Private Access for remote access to internal applications and it works well for daily use. The best part for me is not needing to use a VPN anymore, as the connection feels more stable and faster, especially when changing networks. I like the zero trust approach because it only gives access to specific applications instead of the entire network. It has been much more reliable compared to traditional VPN setups. I also appreciate being able to access internal environments from anywhere without complicated configurations each time. The connection is mostly stable and I didn't face many random disconnections, which is important for testing.
What do you dislike about the product?
The first setup was not very easy, it takes time to understand how the system works and fixing issues is not always simple.
What problems is the product solving and how is that benefiting you?
I use Zscaler Private Access for remote access to internal apps. It offers stable, faster connections compared to VPN, ensuring consistency during testing. The zero trust approach enhances security by accessing specific applications. Initial setup is tricky but resolves complex configurations.
Mario M.
Convenient, Always-On Access with Room for Speed Improvement
Reviewed on Mar 03, 2026
Review provided by G2
What do you like best about the product?
I really like that Zscaler Private Access is automated. It's turned on by default, which is a very interesting feature because when I'm using different software, I usually have to connect and disconnect, which can be a hassle. But with Zscaler Private Access, it's automatically opened and it never turns off for any reason. So it's always turned on automatically, which is great. I don't have to do anything.
What do you dislike about the product?
One thing I don't like about Zscaler Private Access is how much it affects my Internet speed. Normally my speed is about 30 to 35 megabits per second, but when using this, it drops to about 5 megabits per second. So, the speed is downgraded significantly.
What problems is the product solving and how is that benefiting you?
Zscaler Private Access solves the problem of having to physically visit the site every day. With this VPN, I can access the required websites from home, and the connection is set up automatically.