How do I add or delete multiple locations and sub-locations?

To add or delete multiple locations in the admin portal, you can import a CSV file. You can also use a CSV file to add or delete the following features to existing locations:

  • Sub-locations
  • IP addresses
  • VPN information
  • Dedicated Proxy Port numbers
  • Virtual ZENs
  • Virtual ZEN clusters

In the admin portal, you can download a sample file which shows the correct CSV format for adding or deleting locations or location features. Go to Administration > Locations, and click Sample Import CSV File to download the sample file. Note, you can click Download CSV to download a CSV file that displays your current configured locations, but you cannot use this CSV file for adding or deleting additional locations or location features. You must create a new CSV file.

In addition to the sample file, you can find in the next section details on correctly formatting the CSV file when adding/deleting locations, or adding/deleting features for existing locations. Note that the service will display an error message if you try to upload an incorrectly formatted CSV file.

Formatting CSV Files

You can find below a list of the field values you must enter when adding or deleting locations or location features with a CSV file. The field values are listed in the order they must be entered on each row, and all required fields, as well as fields that are required only under certain conditions, are specified. You must place a comma between each field value; a space between commas is not required but may be added if preferred. If a field is not required, and you do not want to enter a value for the field, you must enter a comma [,] in its place to indicate to the service that you are skipping over this value. For example, if you are skipping over the “State” value, you would add an additional comma between your IP address and country so that your line would look similar to this:

+,Location,San Jose,10.11.12.13,,United States…

Values are not case-sensitive. For example, the service will accept “Auth” or “auth”.

Click below to learn more about formatting CSV files for adding locations and other location features. Note  that you can use one CSV file to add or delete different types of information. For example, in one CSV file, you can have several lines for adding or deleting multiple locations, immediately followed by several lines adding or deleting sub-locations for either those locations or other existing locations, followed by several lines adding or deleting ports for those locations or other existing locations.

CSV Format for Adding or Deleting Locations

Below are the fields for adding or deleting locations.

  • Add/Delete (Required): Enter + or - to indicate whether you want to add or delete a location. This field is required.
  • Location (Required): Enter "Location."
  • Location name (Required): Enter the name of your location.
  • IP (Required unless you enter a value for Dedicated Port, VPN-Type/VPN-username, VirtualZENCluster, or VirtualZENClusterName): Enter the location's public IP address. If you are not entering an IP address, enter a comma instead. Note, if you want to add multiple IP addresses to a location, you must enter a new row for each IP address. See example.
  • State: Enter the state for the location. If you do not enter a state, or if the location is in a country outside of the United States, enter a comma instead
  • Country (Required): Enter the country for the location:
  • Time Zone (Required): Enter the location time zone. When you specify the location in a policy, the service applies the policy according to the location's time zone. For example, if a Cloud App Control policy blocks posting to Facebook between 8 a.m. and 5 p.m., and the rule is applied to locations in Spain and California, users at each location will be blocked during their respective daytime hours.
  • Auth (Required if entering a value in Dedicated Port or enabling SurrogateIP.): Enter "Auth" if you want to require users from this location to authenticate to the Zscaler service. If you do not want to enable authentication (or if you want to disable it for an existing location), enter a comma instead.
  • XFF-Enable: Enter “XFF-Enable” if this location uses proxy chaining to forward traffic to the service, and you want the service to look up XFF headers in HTTP requests to identify the IP address of the original client and apply appropriate sub-location or user policies. If you do not want to enable this feature (or if you want to disable it for an existing location), enter a comma instead.
  • SSL-Enable: Enter "SSL-Enable" if you want to enable the Zscaler service to decrypt HTTPS transactions at this location. If you do not want to enable SSL inspection (or if you want to disable it for an existing location), enter a comma instead.
  • Firewall-Enable: Enter "Firewall-Enable" if you want to enable firewall at the location. If you do not want to enable firewall (or if you want to disable it for an existing location), enter a comma instead.
  • Bandwidth-Enable: Enter "Bandwidth-Enable" if you want to enable Bandwidth Control for the location. If you do not want to enable Bandwidth Control (or if you want to disable it for an existing location), enter a comma instead.
  • Download (Mbps) (Required if you enable Bandwidth): If you enabled Bandwidth Control, enter the maximum upload bandwidth limit for the location. If you have not enabled Bandwidth Control, enter a comma instead.
  • Upload (Mbps) (Required if you enable Bandwidth): If you enabled Bandwidth Control, enter the maximum upload bandwidth limit for the location. If you have not enabled Bandwidth Control, enter a comma instead.
  • SurrogateIP-Enable (If you enable this feature, you must also enable Auth): Enter "SurrogateIP-Enable" to enable Surrogate IP and map users to device IP addresses. If you do not want to enable Surrogate IP (or if you want to disable it for an existing location), enter a comma instead.
  • SurrogateIP-Idle-Time (Required if you enable SurrogateIP): If you're enabling Surrogate IP, specify how long after a completed transaction the service retains the mapping of IP addresses to users. You can enter any value from 1 minute to 30 days. If you have not enabled Surrogate IP, enter a comma instead.
  • VPN-type: (Required unless you enter a value for IP, Dedicated port, VirtualZenName, or VirtualZenClusterName) If this location uses an IPsec VPN tunnel to forward traffic to the Zscaler service, enter the VPN-type for the location (either “IP” or “FQDN”). If you are not entering a VPN type, enter a comma instead.
  • VPN-username (Required if you enter VPN-type): For IP addresses, enter the gateway IP address given to Zscaler beforehand. For FQDN, enter the FQDN that was given to Zscaler beforehand. If you did not enter a VPN type, enter a comma instead.
  • Dedicated port (Required unless you enter a value for IP or VPN-type/VPN-username, VirtualZenName, or VirtualZenClusterName. If you are entering a value here, you must also enable Auth.): If the location is associated with a dedicated proxy port, enter the port number. If you are not adding a dedicated port, enter a comma instead.
  • ,VirtualZenName (Required unless you enter a value for IP, Dedicated port, VPN-type/VPN-UserName, or VirtualZenClusterName): If the location sends traffic to a VZEN, enter a comma [,], then the name of the VZEN. The comma is required because this is the place where the service expects to see the parent name for sub-locations. You must add the comma to indicate there is no parent location here because this entry is not a sub-location. (Note that a single VZEN is used for testing purposes only, and in production environments, VZEN clusters must be used.) If you are not adding a VZEN, enter a comma instead.
  • VirtualZenClusterName (Required unless you enter a value for IP, Dedicated port, VPN-type/VPN-UserName, or VirtualZenName) If the location sends traffic to a VZEN Cluster, enter the name of the VZEN cluster. If you are not adding a VZEN cluster, enter a comma instead.
  • SurrogateIP-Enforced-KnownBrowsers (If you enable this feature, SurrogateIP must be enabled.): Enter “SurrogateIP-Enforced-KnownBrowsers” to enable the Zscaler service to use an existing IP-to-user mapping to identify users sending traffic from browsers. If you are not enabling Surrogate IP for Known Browsers (or if you want to disable it for an existing location), enter a comma instead.
  • SurrogateIP-Refresh Time (Required if you enable SurrogateIP-Enforced-KnownBrowsers): Specify how long the service can use the existing IP-to-user mapping for identifying users sending traffic from browsers. You can enter any value from 1 minute to 8 hours. If you have not enabled Surrogate IP for Known Browsers, enter a comma instead.

Below is an example of a properly formatted entry for importing a location:

CSV Format for Adding or Deleting Locations

IP

To add three different IP addresses to the location “San Jose,” you would enter:

IP

CSV Format for Adding or Deleting Sub-Locations for Locations

Below are the fields for adding or deleting sub-locations.

  • Add/Delete (Required): Enter + or - to indicate whether you want to add or delete the following sub-location. This field is required.
  • SubLocation (Required): Enter "SubLocation."
  • Sub-location name (Required): Enter the name of your sub-location.
  • IP (Required): Enter the sub-location's internal IP address. Note, if you want to add multiple IP addresses to a sub-location, you must enter a new row for each address. See example.
  • State: Enter the state for the sub-location. If you do not enter a state, or if the location is in a country outside of the United States, enter a comma instead.
  • Country (Required): Enter the country for the sub-location:
  • Time Zone (Required): Enter the sub-location time zone. When you specify the sub-location in a policy, the service applies the policy according to the sub-location's time zone. For example, if a Cloud App Control policy blocks posting to Facebook between 8 a.m. and 5 p.m., and the rule is applied to sub-locations in Spain and California, users at each sub-location will be blocked during their respective daytime hours.
  • Auth (Required if enabling SurrogateIP.): Enter "Auth" if you want to require users from this sub-location to authenticate to the Zscaler service. If you do not want to enable authentication (or if you want to disable it for an existing location), enter a comma instead.
  • XFF-Enable: Enter “XFF-Enable” if this sub-location uses proxy chaining to forward traffic to the service, and you want the service to look up XFF headers in HTTP requests to identify the IP address of the original client and apply appropriate sub-location or user policies. If you do not want to enable this feature (or if you want to disable it for an existing location), enter a comma instead.
  • SSL-Enable: Enter "SSL-Enable" if you want to enable the Zscaler service to decrypt HTTPS transactions at this sub-location. If you do not want to enable SSL inspection (or if you want to disable it for an existing location), enter a comma instead.
  • Firewall-Enable: Enter "Firewall-Enable" if you want to enable firewall at the sub-location. If you do not want to enable firewall (or if you want to disable it for an existing location), enter a comma instead.
  • Bandwidth-Enable: Enter "Bandwidth-Enable" if you want to enable Bandwidth Control for the sub-location. If you do not want to enable Bandwidth Control (or if you want to disable it for an existing location), enter a comma instead.
  • Download (Mbps) (Required if you enable Bandwidth): If you enabled Bandwidth Control, enter the maximum upload bandwidth limit for the sub-location. If you have not enabled Bandwidth Control, enter a comma instead.
  • Upload (Mbps) (Required if you enable Bandwidth): If you enabled Bandwidth Control, enter the maximum upload bandwidth limit for the sub-location. If you have not enabled Bandwidth Control, enter a comma instead.
  • SurrogateIP-Enable (If you enable this feature, you must also enable Auth): Enter "SurrogateIP-Enable" to enable Surrogate IP and map users to device IP addresses. If you do not want to enable Surrogate IP (or if you want to disable it for an existing location), enter a comma instead.
  • SurrogateIP-Idle-Time (Required if you enable SurrogateIP): If you're enabling Surrogate IP, specify how long after a completed transaction the service retains the mapping of IP addresses to users. You can enter any value from 1 minute to 30 days. If you have not enabled Surrogate IP, enter a comma instead.
  • VPN-type: You cannot enter a value for this field. Enter a comma to indicate that this field is empty.
  • VPN-username: You cannot enter a value for this field. Enter a comma to indicate that this field is empty.
  • Dedicated port: You cannot enter a value for this field. Enter a comma to indicate that this field is empty.
  • Parent Location Name (Required): Enter the name of the parent location to which this sub-location belongs.  
  • VirtualZenName: You cannot enter a value for this field. Enter a comma to indicate that this field is empty.
  • VirtualZenClusterName: You cannot enter a value for this field. Enter a comma to indicate that this field is empty.
  • SurrogateIP-Enforced-KnownBrowsers (If you enable this feature, SurrogateIP must be enabled.): Enter “SurrogateIP-Enforced-KnownBrowsers” to enable the Zscaler service to use an existing IP-to-user mapping to identify users sending traffic from browsers. If you are not enabling Surrogate IP for Known Browsers (or if you want to disable it for an existing location), enter a comma instead.
  • SurrogateIP-Refresh Time (Required if you enable SurrogateIP-Enforced-KnownBrowsers): Specify how long the service can use the existing IP-to-user mapping for identifying users sending traffic from browsers. You can enter any value from 1 minute to 8 hours. If you have not enabled Surrogate IP for Known Browsers, enter a comma instead.

Below is an example of a properly formatted entry for adding a sub-location to an existing location:

CSV Format for Adding or Deleting Sub-Locations for Locations

IP sub

To add three different IP addresses to the sub-location “San Jose,” you would enter:

IP sub

CSV Format for Adding or Deleting IP addresses for Locations

All fields below are required.

  • Add/Delete: Enter + or - to indicate whether you want to add or delete the IP address for the location.
  • IP: Enter the word "IP."
  • Location Name: Enter the location name to which you want to add the IP address.
  • IP address: Enter the IP address.

Below is an example of a properly formatted entry for adding an IP address to an existing location:

CSV Format for Adding or Deleting IP addresses for Locations

CSV Format for Adding or Deleting VPNs Locations

All fields below are required.

  • Add/Delete: Enter + or - to indicate whether you want to add or delete the VPN information for the location.
  • VPN: Enter the word "VPN."
  • Location Name: Enter the location name to which you want to add the VPN information.
  • VPN Type: Enter the VPN Type (either “IP” or “FQDN”).
  • VPN-username: Enter the VPN username. For IP addresses, enter the gateway IP address given to Zscaler beforehand. For FQDN, enter the FQDN that was given to Zscaler beforehand..

Below is an example of a properly formatted entry for adding a VPN to an existing location:

CSV Format for Adding or Deleting VPNs Locations

CSV Format for Adding or Deleting Dedicated Proxy Ports for Locations

All fields below are required.

  • Add/Delete: Enter + or - to indicate whether you want to add or delete the port for the location.
  • Port: Enter the word "Port."
  • Location Name: Enter the location name to which you want to add the port.
  • Port number: Enter the port number for the location.

Below is an example of a properly formatted entry for adding a dedicated proxy port to an existing location:

CSV Format for Adding or Deleting Dedicated Proxy Ports for Locations

CSV Format for Adding or Deleting VZENs for Locations

All fields below are required.

  • Add/Delete: Enter + or - to indicate whether you want to add or delete the VZEN for the location.
  • VirtualZen: Enter the word "VirtualZen."
  • Location Name: Enter the location name to which you want to add the VZEN.
  • VirtualZenName: Enter the name of the VZEN.

Below is an example of a properly formatted entry for adding a VZEN to an existing location:

CSV Format for Adding or Deleting VZENs for Locations

CSV Format for Adding or Deleting VZEN Clusters for Locations

All fields below are required.

  • Add/Delete: Enter + or - to indicate whether you want to add or delete the VZEN cluster for the location.
  • VirtualZenCluster: Enter the word "VirtualZenCluster."
  • Location Name: Enter the location name to which you want to add the VZEN cluster.
  • VirtualZenClusterName: Enter the name of the VZEN cluster.

Below is an example of a properly formatted entry for adding a VZEN cluster to an existing location:

CSV Format for Adding or Deleting VZEN Clusters for Locations

Importing CSV Files

To add or delete locations or location features to existing locations with a CSV:

  1. Go to Administration > Resources > Locations.
  1. Click Import Locations.
  2. Click Choose File.
  3. Navigate to the CSV file, and click Open.
  4. Click Import.
  5. Upon successful import of the CSV file, close the window.