Cloud & Branch Connector

About Traffic Forwarding

Traffic Forwarding is used to forward select traffic to specific destinations based on your needs. For example, if you want to forward specific traffic through Zscaler Internet Access (ZIA) or application traffic through Zscaler Private Access (ZPA), use the traffic forwarding method by configuring appropriate rules.

Traffic Forwarding provides the following benefits and enables you to:

  • Give granular control of traffic forwarding from cloud locations to ZIA or ZPA.
  • Grant the user the ability to bypass ZIA or ZPA for a portion of workload traffic.
  • Give the user the ability to prevent traffic forwarding and drop selected workload traffic.

Zscaler is a technology partner with companies that can assist with traffic forwarding (Amazon and Microsoft). To learn more about the Zscaler, Amazon, and Microsoft traffic forwarding integration, see:

About the Traffic Forwarding Page

On the Traffic Forwarding page (Forwarding > Traffic Forwarding), you can do the following:

  1. Add a traffic forwarding rule.
  2. View a list of all forwarding rules. For each forwarding rule, you can view:
    • Rule Order: The order of the rule.
    • Rule Name: The name of the rule.
    • Criteria: The criteria defined for the rule.
    • Forwarding Method: The forwarding method used in the rule (Direct, ZIA, ZPA, or Drop).
    • Status: The status of the rule, which indicates if the rule is enabled or disabled.
    • Description: Additional notes or information about the gateway.
  3. View a list of predefined forwarding rules created by Zscaler. They are disabled by default, but you can enable them. Predefined rules appear based on the licenses enabled in your tenant:
    • Direct rule for Zscaler Cloud Endpoints: This rule states that if the destination is a Zscaler Cloud Endpoints application service group, then the forwarding method is set to Direct.
    • Direct rule for WAN Destinations Group: This rule states that if the destination is a WAN IP group, then the forwarding method is set to Direct.
    • Direct rule for LAN Destinations Group: This rule states that if the destination is a LAN IP group, then the forwarding method is set to Direct.

      Predefined forwarding rules are only applicable to hardware devices deployed in gateway mode. Additionally, you can only enable predefined forwarding rules if you have configured a location or Branch Connector group for them. Zscaler only allows devices deployed in gateway mode to be a part of the mandatory group used for these rules.

  4. Edit a traffic forwarding rule. You can only edit the Rule Order, Rule Status, Location/Sublocation, and Cloud & Branch Connector Groups fields for predefined forwarding rules.
  5. Duplicate a traffic forwarding rule.
  6. Delete a traffic forwarding rule.
  7. Modify the table and its columns.
  8. Search for a traffic forwarding rule.
