I went over the articles for IP anchoring. I understood how to configure it, but I finished the doc with more doubts.
I have a theory of how it works, by sending traffic to ZIA (all security engines apply here) then from ZIA traffic goes to ZPA to the App Connector and from there it goes directly to the Internet (No need to pass through Zscaler this time) Is that how it works?
Also, the way to specify the traffic that I want to keep our public IP is per App Segment, so, that means that I need a application segment per subnets that I want to keep the public IP when going out?
Also, Does this traffic counts toward the maximum bandwidth an App connector supports, if that is the case, Should I need to deploy a “special” App connector dedicated to this??
I could not found much more documentation about this topic and I felt the articles are focused only in how to configure it.
Has anyone configured this and had it working? Or anyone has some other info besides:
About Source IP Anchoring | Zscaler and Configuring Source IP Anchoring | Zscaler
Appreciate any help, thanks !