When you configure Forwarding Profiles from the Zscaler App portal, you can now specify how the Zscaler App forwards traffic based on the network to which the user is connected.
Following are the network types:
On Trusted Network: The device is connected to a network that the Zscaler App has identified as a trusted network.
On Trusted VPN Network: The device is connected to a trusted network through a third party VPN client.
Off Trusted Network: The device is not connected to a trusted network.
You can define any of the following traffic forwarding modes:
Tunnel Mode: Zscaler App establishes an HTTP Connect mode tunnel with a Zscaler Enforcement Node (ZEN). This mode forwards all port 80/443 traffic to the Zscaler service from a device.
Tunnel with Local Proxy Mode: Zscaler App sets up an HTTP Connect tunnel with a ZEN for all port 80/44 traffic that follows ‘System proxy’ configuration. Please ensure that the PAC file used with this mode is configured with a loopback IP socket (127.0.0.1:9000 or 127.0.01:9001 must be added in PAC file as gateway).
PAC Enforcement Mode: Zscaler App uses a PAC file without setting up an HTTP tunnel. Users may need to authenticate again with Zscaler service in this deployment mode.
Zscaler App has been verified to interoperate with an F5 VPN client in split tunnel as well as full tunnel mode.
Zscaler Private Access Enhancements
Zscaler App now supports UDP traffic for Zscaler Private Access (ZPA). UDP support provides coverage for real-time, connectionless application traffic, such as VoIP.
In the Zscaler App portal, you can configure a Forwarding Profile for ZPA that specifies whether the Zscaler App enables or disables ZPA when it determines that the user is connected to a trusted network directly or through a VPN, and when the user is connected to an untrusted network.
Zscaler App now supports wildcard search domains to resolve all domains associated with phrase and wildcard characters.
Zscaler App supports SRV records for DNS resolution to support clients that perform an SRV query. This can be used, for example, with Kerberos authentication.
Some users may encounter the 'Blue Screen of Death (BSOD)' on their Windows computer when they run Zscaler App in Tunnel mode with certain versions of a third party anti-virus client. This can be resolved by using either the Tunnel with Local Proxy or PAC Enforcement Forwarding profile of the Zscaler App.
Some users may encounter VoIP applications that may work erroneously. This can be resolved by using either the Tunnel with Local Proxy or PAC Enforcement Forwarding profile of the Zscaler App.