ZAPP: App Profile PAC with an exception to forward specific url to Internal Proxy

I have scenaio where i need to forward specific url to our internal proxy server. when i added an exception in App profile (Tunnel Mode) like below, it forwards the traffic to the internal server but to the port 443 by default. I cannot change the listening port in my internal server.

Forwarding profile PAC
if(shExpMatch(host, “www.example.com”)) {
return “PROXY internalA-proxy.domain.com:80; PROXY internalB-proxy.domain.com:80; DIRECT”;
}

I was suggested (by TAC) to use Forwarding profile PAC with similar exception which will send the encapsulated traffic (src to internal proxy:80) to Zapp and Add the internal proxy server in App PAC Exception list to send DIRECt. However this doesn’t work becasue Zapp still forwards the traffic to internal server in port 443

APP Profile PAC
if(shExpMatch(host, “internalA-proxy.domain.com”) ||
shExpMatch(host, “internalB-proxy.domain.com”)) {
return “DIRECT”;
}

Regards
Ganesh Krishnan

Tunnel with local proxy should help to send traffic to your internal proxy at any ports defined by you. I have customer using it

Best Regards,

Jones Leung

SE Manager, Greater China

Zscaler

Also, note that when using tunnel mode, any internal proxies need to be defined in the forwarding profile PAC. App profile supports forwarding only to Zscaler proxies.

Jones/Scott
Thanks for the suggestion. We need to use Tunnel mode to support application which doesn’t honor proxy setting or pac file. We found a alternate solution for this.

Forwarding profile PAC
if(shExpMatch(host, “www.example.com”)) {
return “PROXY internalA-proxy.domain.com:80; PROXY internalB-proxy.domain.com:80; DIRECT”;
}

Bypass Internal Proxy in App Profile VPN/Host Bypass

Drawback: Bypass works only for first intrenal server. Second internal Server or DIRECT fall back doesn’t work.

I raised a TAC case to check why the fall back doesn’t work

Regards
Ganesh krishnan