SIP Server behind ZPA and Softphones via ZCC

Hello community,

is anyone here using SIP Server “behind” ZPA and clients registering SIP Softphones through ZCC aka Z-App? We “solved” the “SIP register issue” with a dedicated AzureVPN for now but I am wondering if anyone found a more convenient/better/secure solution. Zscaler ALG functionality for other protocols than FTP, PPTP and RTSP is still missing…

Last request about SIP ALG is nearly 3 years old: Zscaler Internet Access (ZIA) and Application Layer Gateway (ALG) enabled applications - #3 by patrickOS

Thanks and BR

There are already articles for this like the one below also ZIA ALG is for ZIA not ZPA as the ZIA cloud firewall can’t filter those ports, so better read the article below as the issue seems that the Communication server may need to start the connection to the computer agent in some cases and ZCC/Z-App supports only traffic from the ZCC to the Zscaler cloud and not server initiated traffic.

Hey Niokolay,

thanks for the link (indeed I did not searched for “soft phone”!) and therefore my Q was not precise enough :smiley:
I know how SIP is working and thats why I asked if anyone else has found a better approach than using a VPN and therefore the need to establish kind of “side-channels” into environments. Both Zscaler Solutions ZIA and ZPA are missing some ALG functionality although I understand that implementing that to ZPA could be difficult without weaken ZT due to the technical architecture.

Right now we are looking into providing SIP phones via AVD which looks promising and also removes the need for VPNs.