ZIA Linux DNS Issues

Hi :),

I have a really weird issue with ZIA on Debian 11 with Gnome desktop.

When ZIA is connected, I cannot ping any FQDN on the local network, nor access the local webserver.
However, internet works great (Google, etc.). ZIA status is “trusted network”.

My DHCP gives 3 DNS servers, which are put in /etc/resolv.conf.

If I go into the network manager (nmcli, or with the GUI) I see the DNS servers are set automatically.
Now, if I disable automatic DNS and put THE SAME DNS servers that I have in /etc/resolv.conf, I can access my local network by FQDN through ZIA, but I switch to off-trusted network, so no internet…

I really don’t understand this issue :smiley:

If you have any idea, you are welcome ^^

Hi,

So what is your “on trusted network” criteria defined as, or does it represent your office LAN?
How have you configured your ‘Forwarding Profile’ for the “on trusted network”? (Tunnel, Tunnel with local proxy or None?)

G

Eglyn - G-Man8 seems to have the right idea. Specifying a trusted network would designate the range you don’t want ZCC to resolve. The point of the automatic DNS where ZCC resolves all DNS (both internal and external hostnames) is that if it didn’t work that way, a user could input their own DNS address for resolution and use an internal domain to resolve to any external host they wanted, thus bypassing the policy specified in ZIA for that URL (e.g. A record: internal.gambling.com 200.100.50.1 would potentially be a way to get to gambling.com even though gambling.com was blocked on ZIA).

Hi, thx for your answer, both :slight_smile:
And sorry for my answer delay ^^

I am not directly the administrator of ZIA, but we did some tests with them, and it seems that Linux does not read the PAC file where all the exceptions are.

We added all DNS resolvers to the trusted DNS; Zscaler is connected in trusted mode.

Everything works fine to the internet, but the local network seems unreachable:
If we do a nslookup mylocalserver.mylan.local, it works.
If we do a ping mylocalserver.mylan.local, it does not work.
If we do a ping 192.168.1.1 (IP of the local server), it works.
If we do a curl mylocalserver.mylan.local, it does not work.

I don’t understand why nslookup works (that means the DNS server is reachable) but not the FQDN ping, while the IP ping works?

I am lost :smiley:
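As an added diagnostic (not from this thread or from Zscaler), the script below shows why nslookup and ping can disagree on the same name: nslookup sends its query straight to the nameservers listed in /etc/resolv.conf, while ping and curl call getaddrinfo(), which walks the sources on the hosts: line of /etc/nsswitch.conf in order. It assumes a Debian desktop default of `files mdns4_minimal [NOTFOUND=return] dns`, where the mDNS module claims every name ending in .local (such as mylan.local above) and the [NOTFOUND=return] action stops the lookup before the dns source is ever tried; the hostname is the one from the post, the nsswitch line is an assumption about the reporter's system.

```python
import socket
import sys

def parse_nsswitch_hosts(text):
    """Ordered NSS sources from the 'hosts:' line (the path getaddrinfo walks)."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line.split(":", 1)[1].split()
    return []

def parse_resolv_conf(text):
    """(nameservers, search domains) from resolv.conf (what nslookup reads)."""
    ns, search = [], []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) > 1 and parts[0] == "nameserver":
            ns.append(parts[1])
        elif parts and parts[0] in ("search", "domain"):
            search.extend(parts[1:])
    return ns, search

def mdns_shadows(name, sources):
    """True when a *.local name hits an mdns NSS module followed by
    [NOTFOUND=return] before 'dns': NSS stops there, so the unicast server
    that nslookup queries directly is never asked on the ping/curl path."""
    if not name.rstrip(".").endswith(".local"):
        return False
    for i, src in enumerate(sources):
        if src == "dns":
            return False  # dns runs before any mdns module, nothing is shadowed
        if src.startswith("mdns"):
            return i + 1 < len(sources) and sources[i + 1] == "[NOTFOUND=return]"
    return False

def resolve_nss(name):
    """ping/curl path: getaddrinfo() through the NSS sources above."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror as e:
        return f"FAILED: {e.strerror}"

if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "mylocalserver.mylan.local"
    sources = parse_nsswitch_hosts(open("/etc/nsswitch.conf").read())
    nameservers, search = parse_resolv_conf(open("/etc/resolv.conf").read())
    print("nsswitch hosts:", sources, "| nameservers:", nameservers, "| search:", search)
    print("getaddrinfo (ping/curl path):", resolve_nss(name))
    print("compare with: nslookup", name, "(queries the nameservers directly, bypassing NSS)")
    if mdns_shadows(name, sources):
        print("NOTE: an mdns module with [NOTFOUND=return] precedes 'dns' for .local names.")
```

If the getaddrinfo line fails while nslookup succeeds and the NOTE is printed, the name never reached unicast DNS on the application path; `getent hosts <name>` exercises the same NSS path as ping and curl and is a quick way to confirm.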

I am also facing the same kind of issues on trusted network.
nslookup, ping, even mstsc using hostname not working in tunnel 2.0.