When the device is used in Trusted NW (ZCC ZIA OFF), Windows Update fails.
However, there is no evidence of blocking in the ZIA logs (Web & FW).
When using UnTrusted NW (ZCC ZIA ON), Windows Update succeeds.
The Trusted NW uses Cisco SD-WAN, but no access control is set for Windows Update.
The Cisco router and Zscaler are connected via IPsec VPN.
Could you please tell me why Windows Update failed?
This is happening on all devices and the OS is Windows 10.
I would try the AUTH exemptions for the URLs and also look into the BITS traffic at the SD-WAN and IPsec tunnel configurations and make sure it is given full access. Also, BITS for updates can be cumbersome and slow; watch for idle timeouts and session drops.
You could also use SCCM / Intune / Tanium / Altiris; these will push via configuration the updates off BITS and into 443 downloads, much easier to deliver.