Tunnel 2.0 not provisioned: need Zscaler SE signoff?

lucaberta · February 26, 2021, 4:30pm

Hello all,

I wanted to run tests using Tunnel 2.0 on our instance we have access to as Zscaler partners.

As I could not see the tunnel version selector in the forwarding profile, I opened a case with TAC.

TAC told me the Tunnel 2.0 is not provisioned on the instance, and that I should open a new case asking to have Tunnel 2.0 provisioned, which I did.

The interesting part is that I have discovered that a Zscaler Sales Engineer has to fill in some Google Form in order for TAC to approve provisioning Tunnel 2.0 on our instance.

I hate to waste the time of our local Zscaler SE, and while I have already emailed him about this need, I wonder now what is the rationale behind the need to have a Zscaler SE being involved with such a request, especially since we are an official Zscaler partner, and I have received both ZCCP-PA and ZCCP-IA certification, if that would be the issue.

Why isn’t Tunnel 2.0 available by default?

Inquiring minds want to know…

Have a great weekend!

Bye, Luca
CryptoNet Labs

dcreedy · March 1, 2021, 11:34pm

Hi Luca!

While 2.0 is considered GA, we still want to collect data around how its being used and deployed. The form is asking for data around user distribution, transport (through GRE/IPSEC or Direct) and other bits and pieces. This data is used so we can see where and how people are using the function, so we can better align resources for it. It’s less about ‘getting approval’, and more about collecting data and planning.

Regarding why its the SE filling it out, in reality this can be anyone at Zscaler who knows the answers for this. This often ends up being the SE, but its not a requirement. Initially this was a customer/partner facing form, but this caused a lot of confusion around entering cloudnames/org-ids and typically ended up with a Zscaler person entering the data for the customer.

Regards

David