We are currently deploying ZIA. I am seeing issues with ZIA and Visual Studios and the Salesforce CLI. Is there a way to add our ZScaler certificate to Salesforce to allow the cert or do we have to just SSL bypass salesforce?
I have seen some internal resources on deploying SFDC, it’s kind of old information so I am not sure if it’s still relevant. I feel this may be a bit more involved than simply bypassing. Of course, I am sure someone here has dived into it, and hopefully, they can follow up and explain their process.
In the meantime, I would also reach out to support to see if they can share anything that is public-facing.
When you say “add our ZScaler certificate to Salesforce”. Zscaler ZIA is acting like a client on the serverside of the connection, so there shouldn’t be any cert except if you do Client SSL auth on Salesforce and if this is the case, you may need to bypass this:
Still a workaround could be to souce the Zscaler traffic from an IP address and add it to Salesforce and make Zscaler cloud to check client machine cert on the client side of the connection
Example with Office 365:
Outside of that check really fast you CASB Inline capabilities setting (the out-of-band settings in most cases shouldn’t cause issues) and maybe dissable them or the web isolation if used just to exclude them as an issue maybe for a test user.