I’m working on getting ZIA deployed to iOS via Intune. The phones are supervised. My goal is that users should not be able to access the internet from their iOS device without traffic being routed through Zscaler.
Have followed these directions:
It all works. I can log in to ZScaler using our SAML IDP and traffic is routed and inspected correctly. However, I can just go into settings on the iPhone and turn off VPN and traffic no longer goes via ZScaler.
I have also followed these instructions:
I’ve set up a Global HTTP Proxy on the phone, also via Intune, with a https-hosted PAC file that directs all traffic via 127.0.0.1:9000. This doesn’t solve the problem though.
Is what I’m trying to do (basically mimicking ‘always on’ VPN using Zscaler) actually possible? Some posts on this forum seem to suggest that it is but I can’t find complete instructions.
If it is possible, what additional configuration might I need to do to make it work?
Thank you for your help!