Mac OS Zapp with F5 Split-tunnel VPN

Hi, We are newly implementing Zapp for Mac OS for Internet access. On-net (“Enforce Proxy”) & Off-net (“Tunnel with Local proxy”) is working fine, but didnt get Internet access while on Split-tunnelled VPN. Both the Zapp connection & the split-tunnelled VPN are unstable & getting disconnected time to time.

As per Zscaler docs , the split-tunnelled VPN is NOT considered as VPN-network, but considered as Off-net in the Forwarding profile which is acceptable.

As per Zscaler recommendation for Mac OS, the Off-net access is set to “Tunnel with Local proxy” and the browser correctly receives the pac file URL as http://127.0.0.1:9000/proxy.pac making the Internet access working via Zapp for Off-net. But, with split-tunnel VPN, the same “Tunnel with Local proxy” mode is applied, & the pac file URL is seen set at browser, but the actual pac file not reachable via browser. In contrast, command line curl command is able to fetch the pac file correctly even while on split-tunnelled VPN.

Appreciate if any one could advise any troubleshooting steps to do.

Hi,

Suggest you to check if the f5 vpn is configured to push pac file to browser as well, which will introduce a race condition in the client device.

Now even with VPN split tunneling many customers are using z tunnel mode. But it requires you to add vpn host to the bypass host list under the app profile. This will eliminate the dependency of pac file for traffic forwarding. Now z tunnel only supports port 80 and 443 traffic, while the tunnel with local proxy supports all browser traffic. When we release the next version of z tunnel 2.0 it will be able to support all ports.

Best Regards,

Jones Leung

SE Manager, Greater China

Zscaler

You could replace the F5 VPN with Zscaler ZPA :wink: