Bypass traffic with GRE and Z-T 2.0

Greetings everyone,

We are facing 2 situations, when:
1- Off Network: Z-Tunnel 2.0 + PAC (FP)
2- On Network: none (there is a default route thru a GRE tunnel)

If I need to bypass traffic to a website, xyz.com, Do I need to create the bypass on both the PAC file (for remote users) and on the edge firewall where the GRE is configured (for local users) ?

(I am aware that for Z-T2.0 we need to modify also the App Profile PAC, but that is not my concern here)

If on the Forwarding profile for On-Trusted Network I select none + enforce proxy, will this suffice and I will not need to send traffic to xyz.com away from the GRE tunnel on the edge firewall, or I always need to bypass on both PAC files and edge firewall?

Thanks

If the goal is to always bypass xyz.com, then you’ll have to do so at the PAC and at the GRE.

1 Like

Thank you richardjroy!

I actually noticed that when setting the forwarding method to none, enforce proxy is not available, what is available is apply on network change, this means network change from on-trust to off-trust and vice versa as well? If that is the case, somehow the PAC file will have effect when local (traffic using GRE tunnel) right?