We use secured servers protected by UAC (multi-factor authentication) configured in our SRX firewall. In our ZPA we have multiple connectors. So the initial request to the MFA URL is passed by connector 1, and the application uses a random connector (1 to 10). The SRX UAC maintains an auth table that caches the source IP (connector 1) and expects the rest of the connection via the same connector. This breaks the connection, since these applications are accessed by different connectors.
Alternatively, we created an application segment so that the MFA URL and the application are reachable via a single connector. This way, if multiple users try to connect to the MFA URL, it only authenticates one session and maintains that session. It blocks the rest of the sessions (it might consider the rest of the connections as DDoS).
We couldn't come up with any working scenario in ZPA with UAC. Has anyone faced a similar issue?
Has Zscaler come across this issue with any other customer?