MacOS and AnyConnect VPN & ZPA

When our MacOS users connect to any VPN, Split-Tunnel or Full-Tunnel, ZPA no longer intercepts the traffic. We see the “00:00:00:00:00” source and destination MACaddress in the packet captures for DNS lookups, but the DNS never is intercepted to like it is when they are off VPN.

Is there a way for MacOS Zapp ZPA to intercept interesting traffic when on a VPN?