I’ve been doing a lot of reading on the community and Zscaler articles, but I’m still getting confused about app profile, forwarding profile and split tunnel. So I want to see if anyone can help.
(1) When should I use app profile PAC vs forwarding profile PAC? This is my current understanding of app profile & forwarding profile:
user request --> app profile (to decide if traffic should be forwarded or bypass ZApp altogether) --> forwarding profile (decide what to do with that traffic for ZIA/ZPA)
(2) My client wants to implement split tunnel because some of their internal applications are server-to-client, so they would not work with ZPA. Specifically, we are looking at the following scenarios:
a. When user is on-premise:
   i. ZPA --> disable
   ii. ZIA --> enable; all traffic will go through GRE tunnel
b. When user is off-premise:
   i. ZPA --> enable; private app traffic will go through ZPA, and some exception apps will go through AnyConnect VPN if they are not compatible
   ii. ZIA --> enable; all traffic will go to ZIA
They have had ZIA for years and are now looking to implement ZPA along with ZApp. Any guidance on the best way to configure these scenarios would be helpful.