Prior to Zscaler App 1.2.4, the Zscaler App would ignore configured proxy settings for enrollment. In some environments, computers connected to the corporate network have no direct or default route to connect to the Internet or external networks. The devices are typically configured with a company proxy server via group policy or a management solution.
In these scenarios, users, who browsed the web before enrollment, would connect to the Internet using the configured proxy. However, since the Zscaler App ignored the system proxy settings, enrollment to the Zscaler cloud would not connect.
As of Zscaler App 1.2.4, the app contacts the Zscaler cloud for enrollment. First, it performs a DNS request to resolve the cloud address, then attempts to establish a connection. If either of these tests fail, this means the device cannot connect to the Zscaler cloud directly. In this case, the Zscaler App looks for a configured system proxy and attempts connection through that. If this connection fails, the user is shown an error explaining that connection failed.
To configure Zscaler App to follow a proxy, ensure that the proxy is configured as the system default proxy. Zscaler App has no mechanism to manually define the proxy and it will follow the configured system proxy. Configure this either by using GPO or manually on the device (for example, via Internet Explorer settings).
Zscaler cannot perform SSL inspection on the user's traffic, because that traffic is using your corporate proxy. You must add any internal company domains to the SSL bypass list. If you do not, the Zscaler service will attempt to inspect this traffic, which would break connectivity.
Currently, proxy awareness is supported in Zscaler App 1.2.4 for Windows and macOS deployments. Mobile devices do not support this functionality. This functionality is available to you by default and does not require any configuration from the Zscaler App portal to use.