Why is user traffic not going to the nearest ZEN?


Why is user traffic not going to the nearest ZEN?

At times, users might experience slower than expected performance because their traffic is not being routed to the nearest ZEN (Zscaler Enforcement Node). Zscaler determines the closest available ZEN based on the geo-location information associated with the IP address that sent the request to resolve the Zscaler gateway name (for example, zscaler.net) or the IP address from which the PAC file was downloaded. The following information provides some reasons and tips on how you can edit your PAC file to resolve this issue.

  • The PAC file uses gateway.<Zscaler Cloud>:80 to define the ZEN (for example, gateway.zscaler.net:80), and the DNS server is not in the same geographic region as your internet gateway location. This is not recommended because the resolution of this domain name is based on the DNS server used. When the DNS server receives a request to resolve the host name, it returns the IP address of the ZEN in the Zscaler data center that it is closest to, which might not be the closest ZEN to the user. You can determine the IP address of the DNS server that resolved the Zscaler gateway name by resolving the following hostname: whoami.akamai.net

To resolve this issue, edit the PAC file and use ${GATEWAY}:80 for the primary proxy and ${SECONDARY_GATEWAY}:80 for the secondary proxy. 

  • The PAC file specifies the IP address of a Zscaler data center. This is not recommended either, as this might cause problems when the user is a remote user and is far from the ZEN. You should edit the PAC file and use ${GATEWAY}:80 for the primary ZEN and ${SECONDARY_GATEWAY}:80 for the secondary ZEN.  
  • The PAC file uses ${GATEWAY}:80 for the primary ZEN and ${SECONDARY_GATEWAY}:80 for the secondary ZEN. This is the preferred method because the service uses the GeoIP coordinates of the source IP address to determine the nearest ZEN. Zscaler uses MaxMind databases to associate the longitude/latitude coordinates with the source IP address. If the GeoIP coordinates are incorrect in the database, the user's traffic might be forwarded to a farther node. If this occurs, submit a support ticket so that Zscaler Support can override the GeoIP coordinates accordingly.