Anyone can explain in technical way why tunnel is fallback to from tunnel 2.0 to tunnel 1.0?
@Altab_Khan , pls check the below line.
For Z-Tunnel 2.0, use a NAT device that doesn’t require a different egress IP for each device’s separate sessions, because doing so might cause Zscaler Client Connector to fall back to Z-Tunnel 1.0.
I also face this issue when using Mobile hotspot since for this NAT is done at ISP end and this might have multiple NAT IP configured for end user.
You might be blocking DTLS and don’t have the fallback option checked to allow Tunnel 2.0 to switch to TLS.