Detection when switching between VPN Trusted network and Off Trusted Network


In my current setup we are in a situation, where users might need to switch between our traditional VPN and ZPA.

Both clients coexist, and ZPA behaves correctly and swtches to VPN trusted when the VPN is launched.

The problem appears on the opposite direction, when a user disconnects from the VPN, the ZCC client ( appears to be way more time than expected on “VPN Trusted Network” status, until a point where it automatically switches to “Off Trusted Network”. This time seems to vary between 30 seconds and something above 1’10". What bothers me is in fact this lack of predictability and this appears to be for way more time than expected.

Hence my questions:

  • What is triggering the detection between Off Trusted and VPN Trusted?
  • Can we change the speed of this detection process?
  • What could we do to increase the detection speed?


Hi Mario,

  1. You can check your mobile portal (ZCC) portal for you Trusted network criteria which can consist of several conditions like DNS suffix AND/OR DNS Server AND/OR IP address for hostname
  2. Depends, can you share OS and VPN vendor/version?
  3. Could you maybe share which ‘Trusted Network’ conditions you are using? (Values not required)


1 Like

Hello! I am seeing this behavior as well. We are on Win 10 and Pulse, and I am using the DNS search domain as the trusted network trigger. Anything I can do to speed this up? We have users with broken connections due to hopping between several VPNs, or even after reconnecting after a timeout if done too quickly.