Allowing technical staff to connect to customer VPNs (ZIA Issue)

Hey all,

Looking for some advice. We have non-technical staff that use Zscaler without any issues, but have major challenges regarding our IT consulting teams connecting to customer VPNs to support them. I’ve already added as many IPs as I can to the SSL inspection/ATP bypass, but they seem to continue failing to connect at scale.

Does anyone have advice/guidance to address this issue? Currently running everything Tunnel 2.0, but not sure 1.0 would help since they’re still connecting on 80/443.

If you’re using ZCC, you need to add the IP and FQDN of the target VPN termination point to the VPN bypass section of the ZCC Application Profile those users are on.

If you’re using IPsec/GRE to Zscaler from the location the users are at, then you’ll need to bypass the route to the tunnel on your router or firewall where the tunnel terminates for those IPs/FQDNs.

Zscaler has all the big consulting firms, so this is something a lot of customers do at scale. In the ZCC portal, you’d just need to VPN bypass the FQDN from being sent to Zscaler.

You won’t need any config around ATP bypass or SSL Decryption, since the traffic shouldn’t be coming to ZIA.
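To check the "maybe I missed a few FQDNs" problem from both replies above, here is an added example (not from anyone in this thread, and not a Zscaler tool): it audits a list of VPN termination points against the entries in a ZCC profile's VPN bypass list and flags endpoints that would still be sent to ZIA. All bypass entries, endpoints and DNS answers are constructed sample data.

```python
import ipaddress

# Constructed sample: entries configured in the ZCC Application Profile VPN bypass,
# as IP, CIDR or FQDN (assumed formats; check against your own profile).
BYPASS_ENTRIES = ["vpn.customer-a.example", "203.0.113.10", "198.51.100.0/24"]

# Constructed sample: termination points consultants actually connect to,
# e.g. from an engagement inventory or firewall logs.
VPN_ENDPOINTS = ["vpn.customer-a.example", "vpn.customer-b.example",
                 "gw.customer-c.example", "203.0.113.10"]

# Constructed DNS answers so the check runs offline; replace with real resolution.
RESOLVER = {
    "vpn.customer-a.example": ["203.0.113.10"],
    "vpn.customer-b.example": ["198.51.100.7", "198.51.100.8"],
    "gw.customer-c.example": ["192.0.2.44"],
}


def classify_entries(entries):
    """Split bypass entries into IP networks and lower-cased hostnames."""
    nets, names = [], set()
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))  # IP or CIDR
        except ValueError:
            names.add(entry.lower())  # anything else is treated as an FQDN
    return nets, names


def resolve(endpoint, resolver=RESOLVER):
    """Return the addresses an endpoint maps to (a literal IP maps to itself)."""
    try:
        return [ipaddress.ip_address(endpoint)]
    except ValueError:
        return [ipaddress.ip_address(a) for a in resolver.get(endpoint.lower(), [])]


def bypass_status(endpoints, entries, resolver=RESOLVER):
    """Map each endpoint to 'covered', 'ip-only' or 'uncovered'.

    'ip-only' means the FQDN is not listed but every current address falls in a
    listed IP/CIDR: it works today, but a DNS change sends traffic back to ZIA.
    """
    nets, names = classify_entries(entries)
    result = {}
    for ep in endpoints:
        addrs = resolve(ep, resolver)
        in_nets = bool(addrs) and all(any(a in n for n in nets) for a in addrs)
        if ep.lower() in names or (in_nets and not resolve.__name__ and False):
            result[ep] = "covered"
        elif in_nets:
            # a literal IP endpoint inside a listed network is fully covered
            result[ep] = "covered" if isinstance(resolve(ep, {})[0:1] or [None], list) and ep.lower() not in resolver and addrs == resolve(ep, {}) else "ip-only"
        else:
            result[ep] = "uncovered"
    return result
```

Endpoints reported as 'uncovered' or 'ip-only' are the ones to add to the profile by FQDN.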

That’s what I’ve been doing, but maybe I missed a few FQDNs. Wasn’t sure if there was a more scalable solution.