Powershell or CMD to Turn Off ZPA?

Is there a Powershell or command line to turn off ZPA? We are finding it is staying on when connected to our corporate domain network.

I basically have a Powershell script that will check if their IP is part of our domain scope and if so I’d like to toggle ZPA off.

Hey Karl,

Apologies I cant comment on Powershell support for ZCC but I’m curious which conditions you are using for ‘Trusted Networks’. Are you having this issue for ALL office locations of certain ones ?

We use DNS servers combined with DNS suffix BUT we found some locations (especially corp wi-fi) that didnt have the correct config.


I am not sure. Our Zscaler is managed by our “corporate office”. When I reached out to them enable this via the Zscaler configuration they said they were looking into it but I don’t anticipate it happening anytime soon.
Their response was to “have users turn it off manually” which isn’t a solution. But yes, ZPA stays ON on all networks until it is manually turned OFF. After a reboot it goes back to ON even when it says it is a Trusted Network.

There is currently no supported programmatic way to turn off ZPA at the client side. It really needs to be done at the admin console using trusted network detection. That being said, ZPA allows for different ways to react at the client side based upon which trusted network the user is connect to at the time. Trusted network detection can look at the IP subnet to which the user is connected, but can also look at the user’s assigned DNS server or at DNS resolution for a specific host. Trusted network detection also gives you the option to turn off ZPA entirely, or it can be used more granularly in policy to bypass ZPA only for some apps and not others. Regardless, it has to be done by an admin. One thing I would say is it’s not a very hard option to test and deploy in a non-disruptive way. Our support team can help even if it is a “how to” issue.

1 Like