When should I choose tunnel mode instead of tunnel with local proxy

I am just wondering that in which scenario I should choose tunnel mode instead of tunnel with local proxy.

In my image, even though I choose TWLP, it doesn’t mean that I have to use local proxy, right?

It seems that TWLP can do what tunnel mode can do,
and I don’t need to write bypass into both forwarding profile and App profile as tunnel mode does.

So, I can’t not come up which scenario I have to use tunnel mode instead of tunnel with local proxy.
Could anyone please tell me?

Hi,
When you use tunnel with local proxy, all proxy aware web based applications traffic can proxied and tunneled to Zscaler. This approach is good if you have legacy applications with compatibility issues with ZCC. Even for VPN client with ZCC. PAC bypasses are to be included in APP profile VPN bypass area if it is fqdn or IP address. URL bypasses are should be on Forwarding profile PAC file.

In case of All Tunnel mode, all exception to be handled in APP profile and PAC file. This is generally chosen mode. Tunnel with local proxy will be fallback option for tunnel mode. You can straight away choose tunnel mode with packet filter mode for all infra.

Regards
Ramesh M

The below post has a few additional details: