Description
We are implementing file and chat control for Zoom traffic using ZIA (Zscaler Internet Access) and would appreciate clarification regarding domain-level behaviors and best practices for policy design.
1. Zoom Domains Related to File Transfers
Under ZIA > Policy > File Type Control, we have configured the following policy:
- Rule Name: Zoomkensyo_upload1_0617
- Status: Enabled
- File Type: All
- Cloud Application: Zoom
- Protocol: All
- Location Group: Internal IP range
- Other Settings: Any
We observe the following Zoom domains being blocked and recorded in the logs under this policy:
gstatic.zoom.us
st1.zoom.us
www3.zoom.us
In previous guidance, file.zoom.us and file-paa.zoom.us were described as the main domains involved in file transfers via Zoom.
Can you confirm whether the above domains are also directly or indirectly involved in file upload/download behavior?
Additionally, could you please provide a comprehensive list of domains that should be considered for file control related to Zoom?
2. Domains Related to Zoom Chat Traffic
We are also working to control chat traffic (including text messages) within Zoom.
Could you provide a list of relevant domains associated with Zoom Chat communications for the purpose of policy enforcement?
3. Best Practice for File Type Control Design
We are currently evaluating two approaches for applying file control:
- Option A: Use ZIA File Type Control with “Cloud Application = Zoom” (current setup)
- Option B: Create a custom URL category containing relevant Zoom domains (e.g., file.zoom.us) and apply control based on that URL category
Which approach is recommended as best practice for Zoom file transfer control?
Are there differences in coverage or reliability between application-based control and URL category–based control?
Error?
No specific error message; this is a clarification and design-related inquiry.
How To Reproduce
- Set a ZIA File Type Control policy targeting the “Zoom” cloud application with all file types and protocols enabled.
- Apply the policy to internal IP groups.
- Observe Zoom-related domains logged as blocked traffic (e.g., gstatic.zoom.us, etc.).
- Attempt to identify which domains are responsible for file or chat transmissions.
Please let us know if additional information such as screenshots or log entries would be helpful.
Thank you for your support.