I have a question about Zapp forwarding with road warrior users.
All workstations have the Zapp client running, and on some sites or resources, it seems we are seen with the public IP of the client but not with the Zscaler proxy IP (so a problem with IP filtering).
We use Z-Tunnel 1.0, tunnel mode for RW, PAC in forwarding and app profile (previously in tunnel with local proxy).
How can I check that traffic is correctly forwarded via Zapp and not sent direct?
Thanks for your help
Hello, if you are using Z-Tunnel 1.0 and PAC files then you are only forwarding web traffic to Zscaler. There is a chance that some of these apps are recording your IP address from traffic other than 80/443/9400 which would go direct. Also the Chrome browser will try to use the QUIC protocol which is not strictly web traffic and can go around Zscaler even when working in a browser. You may also have exceptions in your PAC or App Profiles where you may be exempting traffic from being sent to ZS.
Check whether there is IPv6 presence. If there is, make sure that IPv4 is preferred or that IPv6 is disabled.
Zapp currently only supports IPv4 on Windows/Mac and if the endpoint is using IPv6 it will bypass Zscaler.
Look at ip.zscaler.com to confirm that traffic is routed via Zscaler.
In addition to what my colleagues mentioned: You can check if traffic was forwarded to Zscaler via ZCC in the Web Insights. Go to Analytics -> Web Insights and choose appropriate filters (e.g. the URL in question). Then take a look at the column ‘Zscaler Client Connector Tunnel Version’.
If the traffic is not showing up in the logs then it was not forwarded to Zscaler. You can then take a packet capture on the client (e.g. with Wireshark) in order to check where the traffic was forwarded and see whether it was IPv6 traffic.
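An added example, not part of the thread and not Zscaler tooling: one way to triage the client packet capture suggested above is to classify each outbound flow by the bypass causes named in the replies (IPv6, QUIC, ports other than 80/443/9400, PAC or App Profile exceptions). The proxy address range, the `proto,dst_ip,dst_port` row format and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: address range of the Zscaler nodes this client tunnels to.
# 203.0.113.0/24 is a documentation placeholder; substitute your own.
PROXY_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Ports the thread names as forwarded with Z-Tunnel 1.0 and a PAC file.
WEB_PORTS = {80, 443, 9400}

REASONS = {
    "ipv6": "IPv6 destination (thread: Zapp only supports IPv4)",
    "quic": "UDP/443, likely QUIC from the browser",
    "non_web": "not TCP 80/443/9400, so it is not forwarded",
    "exception": "web port sent direct: review PAC / App Profile bypasses",
}

# Constructed sample of proto,dst_ip,dst_port rows from a client capture.
SAMPLE_FLOWS = """\
tcp,203.0.113.10,443
udp,198.51.100.7,443
tcp,2001:db8::25,443
tcp,198.51.100.9,8443
tcp,198.51.100.20,443
"""

def classify(proto, dst_ip, dst_port):
    """Return None if the flow goes to a proxy node, else a REASONS key."""
    addr = ipaddress.ip_address(dst_ip)
    port = int(dst_port)
    if addr.version == 6:
        return "ipv6"
    if any(addr in net for net in PROXY_NETS):
        return None
    if proto.lower() == "udp" and port == 443:
        return "quic"
    if proto.lower() != "tcp" or port not in WEB_PORTS:
        return "non_web"
    return "exception"

def direct_flows(text):
    """Return (dst_ip, dst_port, reason_key) for every row that bypasses."""
    rows = (line.split(",") for line in text.splitlines() if line.strip())
    hits = ((ip, int(port), classify(proto, ip, port)) for proto, ip, port in rows)
    return [h for h in hits if h[2] is not None]

if __name__ == "__main__":
    for ip, port, reason in direct_flows(SAMPLE_FLOWS):
        print(f"{ip}:{port} -> DIRECT, {REASONS[reason]}")
```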
Thanks for your help, I will check all these points and give you feedback.