Untrusted vs Trusted with VOIP Calls

Good day, Zscaler community! I have been struggling between Zscaler support and our VOIP vendor for over a month on random issues when Zscaler is enabled. We have the Zscaler firewall configured to allow for the appropriate ports and services and destination exclusions in the policy and app profile. When on trusted network, the softphone VOIP calls tend to work. They 100% fail to connect when off trusted network and Zscaler enabled. Is there a way to ensure that the firewall polcies are honored for both Trusted & Off-Trusted networks?

Dean - you may want to ensure your ZCC is configured to run in Tunnel 2.0 mode which is required for Road Warriors to take advantage of advanced firewall policies. Check the your ZCC Mobile Portal and under Administration, Forwarding Profile, see if the off-trusted network configuration is using tunnel 2.0 as opposed to the default tunnel 1.0 setting.

Hi thanks for the suggestion. It looks like we are using 2.0 for both Trusted and un-Trusted. I’m unsure of the other settings having any impact on the softphone but pasted them here in case something sticks out.

Hi Dean,

Are you purely using ZIA or is ZPA in the mix too ?


Hi G. We are just using ZIA.


Can you check if the latest version of pulse secure running on the machine and ensure all pulse secure VPN gateways are bypassed in the app profile.

You may capture some wireshark logs and investigate more around the traffic.