Tunnel 2.0 and Connecting to LAN Based Services


I’m new to using ZIA.

I’ve a Tunnel 2.0 Client Connector set up in an office.
Now, a LAN-based program that used to connect to a license server in the same subnet is not working.
There’s no option setting on the program (guessing it’s using broadcast, perhaps?) to connect to the license server.

I would like to ask whether there is another user who has a similar setup.
I’m wondering whether I can add the subnet /24 into the Forwarding Profile VPN gateway or exclusion list for the LAN traffic.

Hi A_Y, you’re on the right path. Set that local subnet (or whichever local subnets you need to access) to go DIRECT in the forwarding profile / pac.


Are you using a public IP range on the internal LAN network? All private IP ranges should be excluded by default. As mentioned by others, you can add the respective internal subnets to the Ztunnel exclusion list.

If you know the specific port/address or DNS FQDN/hostname, you could create a more specific bypass for the license server.
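As an added illustration of the DIRECT bypass suggested in the two replies above (this is not from the thread and not Zscaler’s own PAC), here is a forwarding-profile PAC function that sends an assumed office /24 plus the RFC1918 ranges DIRECT and everything else to a placeholder cloud proxy. Real PAC engines supply isInNet()/dnsResolve(); the small stand-ins below exist only so the file runs under Node, and the subnet, license-server name and proxy host are assumed values.

```javascript
// Added example, not code from the thread or from Zscaler. A PAC fragment that bypasses
// the cloud proxy for local subnets. isInNet()/dnsResolve()/isPlainHostName() are normally
// provided by the PAC engine; they are re-implemented here only so this runs under Node.

const LOCAL_SUBNETS = [
  ["192.168.10.0", "255.255.255.0"], // assumed office /24 that holds the license server
  ["10.0.0.0", "255.0.0.0"],         // RFC1918 ranges: the defaults a new profile normally carries
  ["172.16.0.0", "255.240.0.0"],
  ["192.168.0.0", "255.255.0.0"],
];
const CLOUD_PROXY = "PROXY gateway.zscaler.example:80"; // placeholder, not a real gateway

// Constructed name table standing in for the PAC engine's dnsResolve().
const FAKE_DNS = { "licsrv.corp.example": "192.168.10.25", "www.example.com": "93.184.216.34" };

function ipToInt(ip) {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) return null;
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function dnsResolve(host) {
  return ipToInt(host) !== null ? host : (FAKE_DNS[host] || null);
}

function isInNet(ip, net, mask) {
  const a = ipToInt(ip), n = ipToInt(net), m = ipToInt(mask);
  if (a === null || n === null || m === null) return false;
  return ((a & m) >>> 0) === ((n & m) >>> 0);
}

function isPlainHostName(host) { return host.indexOf(".") === -1; }

// PAC entry point. Local checks come first so a LAN host is never sent to the proxy.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || host === "localhost") return "DIRECT";
  const ip = dnsResolve(host);
  if (ip === null) return CLOUD_PROXY; // unresolvable here: let the proxy handle it
  for (const [net, mask] of LOCAL_SUBNETS) {
    if (isInNet(ip, net, mask)) return "DIRECT";
  }
  return CLOUD_PROXY;
}
```

Whether you place this in the PAC or in the app profile’s Z-Tunnel exclusion list, the check is the same: the license-server address must match a bypass entry before it reaches the proxy rule.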

You have exclusions in the app profile itself. It is not necessary to create IP / subnet exclusions in the PAC file.

Ditto the above. Need more details to troubleshoot this one.

A packet capture from ZCC on the license server would be the place to start.

The cause was found.
It was missing in the exclusion list.
I understand that this is the default when a new profile is created. Somehow it was missing from our list.

Need to add this to the checklist.
Lesson learned.