ZIA and Traffic Forwarding to VPN Client

Hello Everyone,

We are currently deploying ZIA company-wide and wanted to know if anyone was able to do traffic forwarding successfully using the ZIA PAC file.

We use Azure as our datacenter and we have a lot of IP whitelist rules in place. We really don't want to add the entire Zscaler super subnet to all our services. The only thing I could think of doing is bypassing traffic from Zscaler to our Cisco AnyConnect client.

I do have the following in the PAC file:

/* Redirect traffic to vpn */
if (shExpMatch(host, "xxxxxx.org") || shExpMatch(host, "*.xxxx.org") ||
    shExpMatch(host, "windows.net") || shExpMatch(host, "*.windows.net"))
    return "cisco any connect client ip"; /* a PAC return value must be "DIRECT" or "PROXY host:port" */

But when connecting to the VPN and doing a tracert, some traffic goes over Cisco AnyConnect and *.windows.net traffic goes via Zscaler.

Has anyone implemented traffic forwarding successfully?

ZPA was built for this.

You can use the same Zscaler client (or PAC) deployed for ZIA today to connect to App Connectors in Azure or any app you still have in a data center.

You can DM me specifics, but you need to use the VPN gateway setting in the App Profile. Is this Z-Tunnel 1.0 or Z-Tunnel 2.0, and what forwarding mechanism are you using? Do you explicitly know your private ranges? Your approach above may kind of work, but it's not recommended.

Bypass the traffic from Zscaler so it returns DIRECT in the PAC file.
Add a route in your VPN table to direct that traffic across the VPN.

That should work before you have SIPA enabled with ZPA.
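As an added illustration of the two steps above, not code from this thread or from Zscaler: a PAC file that returns DIRECT for the hosts that must be reached over the AnyConnect tunnel and forwards everything else to ZIA. The domain names, the ZIA proxy string and the local shExpMatch shim are assumptions made so the file can be exercised stand-alone under Node; in a browser or the Zscaler client the PAC engine supplies shExpMatch itself and the shim is not needed.

```javascript
// Added example (not from the thread). Hostnames and the proxy string are
// placeholders; replace them with the real domains and ZIA gateway.

// The PAC engine normally provides shExpMatch(). This shim implements the same
// shell-style glob ('*' = any run of characters, '?' = one character) so the
// file can be run under Node. Note the ^...$ anchors: "*.windows.net" must not
// match "windows.net.attacker.example".
function shExpMatch(str, pattern) {
  const re = "^" + pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                          .replace(/\*/g, ".*")
                          .replace(/\?/g, ".") + "$";
  return new RegExp(re, "i").test(str);
}

// Hosts that must bypass ZIA and be routed over the VPN (hypothetical names).
// "*.windows.net" does not match the bare apex, hence both entries.
const VPN_BYPASS_HOSTS = [
  "example-corp.org", "*.example-corp.org",
  "windows.net",      "*.windows.net",
];

// Forwarding string for everything else. Assumption: a single ZIA gateway with
// DIRECT as fail-open fallback; a hosted Zscaler PAC substitutes its own
// gateway macros here.
const ZIA_PROXY = "PROXY gateway.zscaler.net:80; DIRECT";

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  for (const pattern of VPN_BYPASS_HOSTS) {
    if (shExpMatch(host, pattern)) {
      // DIRECT only tells the client to connect by itself. Which interface the
      // packet leaves on is then decided by the OS route table, i.e. the route
      // AnyConnect installs for the Azure ranges (step 2 above).
      return "DIRECT";
    }
  }
  return ZIA_PROXY;
}
```

A PAC file is only consulted for HTTP(S) connections made by applications that honour it; a SQL client on TCP 1433 never calls FindProxyForURL, so the route in the VPN table is what carries that traffic, not the PAC.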

Check out Source IP Anchoring, which Zscaler offers. But you will need an App Connector for it.

Yeah, I am aware that we could use ZPA, which is phase 2 of our implementation. Currently we are only implementing ZIA and trying to figure out how to route the traffic for certain domains to our VPN gateway vs. Zscaler.

Hi Joe,

Thank you for your assistance yesterday. After chatting with you I am able to bypass Zscaler for HTTP and HTTPS sites. My next battle is whether Zscaler can route non-HTTP/HTTPS traffic such as Azure SQL Server, which uses port 1433 to connect.

It can if you use Z-Tunnel 2.0.