Using Zscaler PSEs – where the policies are applied and enforced
The next important component of the Zscaler cloud is the PSE. Recall that Zscaler sits between the end user and the web destination; so, when the end user is trying to go out to the internet, their first stop is the PSE. The user web traffic directly hits the nearest PSE or the PSE configured by the company administrator.
The PSE being in the data plane, its task is to perform high-speed data-packet inspection and company policy enforcement. When the PSE encounters a new packet for which it does not know the company or user details, it performs a lookup to the CA and asks the CA for details about that packet. It extracts that randomized identifier we talked about in the previous section and uses it to query the CA. The CA returns the identity and the policy information for that identifier in less than a second.
For all subsequent data packets that are part of this traffic session, the PSE remembers this user...