We are currently using GlobalProtect VPN alongside ZPA to route voice traffic to our datacenter. To date, we have used only IP addresses for destinations that get routed over GlobalProtect which has worked fine. We now have a use case for directing traffic over GlobalProtect using a DNS name that can only be resolved by our internal DNS servers. We currently do not allow DNS traffic to traverse ZPA, per Zscaler’s recommendations. So our dilemma is, how do our clients resolve a DNS name to an internal IP if we don’t allow DNS traffic. Has anyone seen anything like this or have any suggestions? We have considered populating the local Windows host file with the DNS/IP, but would prefer not to go down that route.