In the ZIA web logs, communications excluded by ZCC are not showing up in the bypass logs. Is there some setting that should be enabled?
There is very little information in the help about bypassed logs, so I don’t know how to configure it to show bypassed logs.
Use the fields below:
- SSL Inspected: Displays Yes if the SSL transaction was decrypted. Otherwise, it displays No.
- SSL Policy Reason: Whether the transaction was SSL inspected, not inspected, or blocked after inspection. Displays the reason if not inspected.
Also see these others, as maybe the handshake is failing or the traffic is not going to Zscaler at all:
- Bypassed Transaction: Indicates whether the transaction bypassed the Zscaler Client Connector.
- Bypassed Transaction Event Time: The date and time when the transaction bypassed the Zscaler Client Connector.
- Certificate Chain Validity: If the server certificate is signed by a Zscaler-trusted certificate authority or not. This filter applies to SSL-inspected traffic.
- Client Connection Cipher: The cipher suite agreed upon during the SSL handshake between the client and the ZIA Public Service Edge. This filter applies to SSL inspected traffic.
- Client Connection TLS Version: The version of TLS used for communication between the client and the ZIA Public Service Edge. This filter applies to SSL inspected traffic.
- Client External IP: This is the Internet gateway location IP address.
- Client IP: The IP address from which the transaction originated. This is the IP address of the client device.
- Client Session Reused: If an SSL connection between the client and Zscaler was reused for the web transaction.
- Client Source Port: The source port number from which the traffic originated. This filter is disabled by default. To enable it, contact Zscaler Support.
- Client SSL Handshake Failure Aggregate Count: The total number of client SSL handshake failures within the selected timeframe.
- Client SSL Handshake Failure Reason: The reason for the client SSL handshake failure.