Force specific Zscaler DataCenter at App Profile PAC file

Hello,

Here in the company we are using Z-Tunnel 1.0 and we would like to force the connection through a specific Zscaler Cloud DataCenter.

We are using Zscaler Client Connector with the mode “tunnel with local proxy” and APP profile PAC to redirect the traffic to the Cloud.

Our goal is to force the traffic to be directed to the Sao Paulo IV Datacenter, the proxy hostname is: sao4.sme.zscloud.net

What we did in the .pac file was:

return "PROXY sao4.sme.zscaler.net:80; PROXY sao2-2.sme.zscaler.net:80; DIRECT;

I also tried before to use the same servers at the port 443, but it doesn´t work. Using the port 80 as indicated above, the ZCC keeps warning that there is a “captive portal” detected and the tunnel is not being closed with Zscaler.

I also tried to use the variable “GATEWAY_FN” but it doesn´t work, the connection continues to be redirected to SAO PAULO 2 some times.

Any ideas on how to accomplish my goal to force the connection only to SAO PAULO IV Datacenter?

You mention sao4.sme.zscloud.net , but then return sao4.sme.zscaler.net in the PAC. ZSCLOUD.NET and ZSCALER.NET are two different clouds. You need to ensure you’re connecting to the right cloud instance for your tenant.
Review Config | Zscaler for the node details for ZSCLOUD.NET.

return “PROXY sao4.sme.zscloud.net:80; PROXY sao2-2.sme.zscloud.net:80;”

would be the the appropriate statement for ZSCLOUD.NET

Conceptually, your line should work as I had this in my organization until very recently to avoid a specific DC, but as @mryan mentioned, make sure you’ve got the right cloud name. Also, make sure that ZCC is actually pulling the correct App Profile that contains this PAC.

1 Like

You need to fix your issue with the captive portal first. My guess is that the pac file is falling back to gateway.zscloud.net becasue it can’t connect. Check you have all the IP addresses open on your firewall.

Oh man,

How did I not notice this?

The support send me the name of the server´s and I have not confirmed that this was not from our Cloud.

Thanks for your observation, this solves my issue.

Have a nice week and thanks again!

2 Likes

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.