I’ve been having a lot of trouble getting pac exclusions to work for Tunnel 2.0. We’ve been piloting Tunnel 2.0 and there are a few Chinese/Taiwanese sites we need to bypass and the pac file exclusions aren’t working. Zscaler support recommended using the VPN bypass in the app profile, but my understanding is that should only be used for VPN hosts. Anyone else running into this??
Here’s are example exclusions that aren’t working as the traffic still comes to Zscaler:
/* China Hospital site added Aug 9, 2021 by KG */
if (dnsDomainIs(host, “*gov.cn”)) return “DIRECT”;
if (dnsDomainIs(host, “login.gjzwfw.gov.cn”)) return “DIRECT”;
if (shExpMatch(url, “*.gov.cn”)) return “DIRECT”;
The second exclusion was working fine in the Tunnel 1.0 pac file.