SSH disconnects

Hello community,

I am Georgios. Recently, we launched ZPA on 200 users across my company in order to evaluate the product and get their feedback.

We have received a lot of complains from users saying about random connection disconnects. Most of them have 3-4 SSH connections and they say that randomly the connections just drop. That is verified from the ZApp logs as they can see Private Access is enabled (few minutes ago) which means for a reason it was disconnected.

Has anyone else in this community experienced the same problem?

We do have an open ticket with zscaler: 997518

Thank you in advance,
Georgios

Hi Georgios,

We did not experience this. Our SSH access is working fine on ZPA. Just curious on, How these servers / app segments are defined? Are they defined with explicit FQDN and ports or these are covered using wildcards app segments? In our experience, some time the wildcard entry servers are having some intermittent connections for certain ports. So thats why i am asking on how these apps are defined in ZPA.

Best Regards,
GSR

2 Likes

Hello Reddy,

Thank you for your response.

The application segments are a mixture of FQDNs and wildcards. We have over 1500 entries which most of them are wildcards, we would not be able to administer FQDNs.

Whether the disconnects are coming from a wildcard, I do not know to be honest. However, I will ask the users to provide names of the servers they are having problems and I will figure out.

For now, I will few SSH connection overnight to see if they will be dropped.

Thank you,
Georgios

What’s your IDLE CONNECTION TIMEOUT set to in your Timeout Policy?

1 Like

Hello GordonWright,

IDLE CONNECTION TIMEOUT is the first thing someone will look at. Obviously, it is not the problem.

We finally found the problem which resides on zscaler software. We received and tested a newer version that has not been released yet. It seems that the issue goes away with it.

Thanks,
Georgios

Hi Georgios,

Can you please share more info what is that problem in Zscaler software? is it connector version or Zapp or something else? We appreciate your info as that might be useful to us as well.

Best Regards.
GSR.

Also curious on software version. How did you determine the software version was the issue?

Did you ever verify session end reason and potentially correlate that to the disconnects?

Hello community.

It is now resolved. Yes, it was a Zscaler software problem. The Zscaler engineer that was assigned to our ticket finally figured out about a process running on the background. They amended the code and shared with us an updated version. We have been testing it for the last month and the problem has gone away.

Regards,
Georgios

It was a Zapp problem. Probably in every version older than they 2.1.x.x we have received (not yet released). Versions we tested 1.5.2.7, 14.3.1, 1.5.1.5, 1.4.3.1
No, I cannot share more info about the software problem as I was not the software developer dealing with it.

Regards,
Georgios