We have been using Z-App since 1.0. Many new feature have been added over the years. We currently run our VPN with no split tunneling. This was fine until the use of video conferencing during the pandemic. Currently we are set with Tunnel-Routed mode, and NONE for On-Trusted and NONE for VPN Trusted. We don’t use PAC files.
I’d like to turn on Split Tunneling, and allow default route to go through Zscaler. We have some traffic bypassing Zscaler today on-net due to various reasons (usually when login move to using a non-standard TLS port). We also bypass GSuite since Zscaler doesn’t inspect it. So it would appear from reading that the best practice for us is:
- On-Net = NONE
- VPN-Trusted = Tunnel
- OFF-Trusted = Tunnel
Should we set the Tunnel to Packet Filter so we can create bypass rules?
It seems that the “HOSTNAME OR IP ADDRESS BYPASS FOR VPN GATEWAY” setting could be used for this with Routing mode.
Thanks for your suggestions.