Problem: Current customers end users leverage heroku cli, terraform cli, and awscli to do their automation jobs. As Zscaler was rolled out we tackled the SSL piece but now these cli’s are enforcing the matching of IPs from the cli and the browser. Browser is getting a Zscaler address and the cli seems to be getting a direct IP. We aren’t skipping these domains via a PAC file but the mismatch is happening. The customer is still using Tunnel 1.0 and an all ZCC setup (no tunnels and no locations)
As an example the documentation for Heroku say you just need to set the HTTPS_PROXY variable and this resolves the issue but I’m not clear on how to do that w/ ZS. https://devcenter.heroku.com/changelog-items/1873. Is this a DPP setup? But documentation seems to point to locations as a key.
Anyone shed some light on these tools and how you’ve solved it outside of just sending this traffic DIRECT via a PAC file?