Pac file troubleshooting

Hi All,

We are using pac files. The pac files are being used for forwarding profile and in app profile policies. I would like to understand how we can troubleshoot to know if the connection is failing because of the something is specified or not specified in the pac file?
For more specific use case, we are using pac files to bypass pulse VPN, when user is on pulse VPN the connection should bypass zscaler, but this works for some resources and some resources don’t work. We exit Zscaler client and everything works with pulse VPN connection.

What logs to check? what troubleshooting steps should be followed?

Sounds like the issue may be related to which “Tunnel” option you’re using in the forwarding profile. Can you pinpoint the users it doesn’t work for, or is it random? Are they all Windows users, or a mix of Windows and Mac?

Which Tunnel Option are you using? Go to:
Administration–>Forwarding Profiles
Click the Pencil to Edit the Forwarding Profile in use
Under “Windows Selection Driver”, is it Route Based, or Packet Filter Driver?
Under “FORWARDING PROFILE ACTION FOR ZIA”, is it Tunnel, Tunnel w/Local Proxy, Enforce Proxy, or None?

Thank you @jkelly.

currently we have FORWARDING PROFILE ACTION FOR ZPA -->> NONE (On Trusted Network) -->> VPN Trusted Network (Same as “On Trusted Network”) -->> Tunnel (Off Trusted Network).
we were able to solve the issue by adding the IPs in the exclusion list.

But my question is what looks to look at if we have these kind of problems with pac files and what troubleshooting we should be doing.

Hi @vikas.tiwari

Glad you were able to get the issue resolved. Going forward, as a best practice, to bypass your VPN using ip/hostnames, it should be done in the App Profile in the “HOSTNAME OR IP ADDRESS BYPASS FOR VPN GATEWAY” section, vs pac file. Depending on the tunnel type you use, the bypasses in the forwarding pac file could be evaluated after bypasses in the App Profile, possibly causing issues. If you have 30 mins, a great video to watch would be this one:

This was made by our client connector PM.