By-passing 2from Tunnel 2.0

Is there any way to by-pass traffic from Zscaler Tunnel 2.0 without using Forwarding PAC ?

The reason I am asking is if we are using a Forwarding PAC, Local proxy is being enforces on the end-user system proxy settings.

We have a requirement where some VPNs DO NOT establish the connection if there is a proxy enabled on the Local Machine.

Rahul V

You can try to bypass through VPN bypasses and destination exclusions.

1 Like

Tried that, but didn’t worked.

Rahul did you bypass the FQDN or IP ? We have 2 VPN solutions so for the one we added the FQDN but for the other we had to add the GW IP’s as FQDN didnt work.



Also it is good to see about if DNS servers are first bypassed as if the site is not public but the DNS traffic is send to zscaler then it could be an issue:

Also the VPN config needs to be checked as the VPN could be the one capturing the DNS traffic and check that Zscaler app is using packet mode and not route mode as to work with the VPN:

Hi Rahul,
In the Client Connector 3.8, we introduced a new feature that can improve the FQDNs bypassing process. “Adds two new options for the Z-Tunnel 2.0 protocol bypass feature: Redirect Web Traffic to ZCC Listening Proxy and Use Z-Tunnel 2.0 for Proxied Web Traffic”. Using these knobs can eliminate the need of using the forwarding PAC to bypass domains.

1 Like