ZIA Slow Speeds on fast links in Asia pacific region

Hi all,

Was wondering if anyone is seeing these random slow speeds with zscaler and how you went about resolving or if you are still experiencing any issues. We have many sites now with 1GBPs+ links but Zscaler didnt seem to scale very well with it at all. At times we used to be able to get close to full speeds running zscaler speed test, google speed test and speedtest.net but lately we have noticed that some sites is experiencing much slow as in like 7-20mbps download speeds when turning zscaler off it increases back to 600-900mbps which you expect from a 1gbps link.

Let us know if you are experiencing and if you ca-n say which towers. Ours seems to be mainly a issue at the following towers:


Thanks all

Have you seen if there any detected issues in Trust Zscaler site?

Also you can consider using suffix, _FX in your PAC file as when many users are using the same Public EDGE this can cause issues. Another solution is to use a private/virtual edge but it is more expensive.

Use the suffix, _FX to the ${COUNTRY_GATEWAY_HOST} variable in the PAC file for the PAC server to dynamically issue the gateway hosts within a country based on the client fingerprints, i.e. all users coming from a single egress IP address are given a gateway host from a pool of healthy gateway hosts. The fingerprint is used to ensure that a single device continues its session to the same gateway host.

Use the following syntax to include the ${COUNTRY_GATEWAY_HOST_FX} variable in your PAC file:


You can also use the _FX suffix with the subcloud variables. For example, ${COUNTRY_GATEWAY.<Subcloud>.<Zscaler cloud>.net_HOST_FX} and ${COUNTRY_SECONDARY.GATEWAY.<Subcloud>.<Zscaler cloud>.net_HOST_FX}.

I have a nice article about such issues:

no issues on trust site. And we dont use pac anymore its all driven trough the app now

If you opened the link I provided, you would see that " The _FX suffix provides load balancing for multiple gateway hosts depending on the HTTP headers (useragent, x-forwarded-for, and z-client). This variable is effective only for Zscaler Client Connector clients because the z-client ID is different for each user.", so you can still ad a PAC file and test.

If you are using Tunnel 1.0 or even Tunnel 2.0 a PAC file is optional but it can still be used as for tunnel 2.0 it will only affect the web traffic, also you may consider using ZDX to probe the applications that Zscaler slows down and also the Zscaler Analyzer can be tested that is the link I shared. Outside of that you may contact Zscaler as they may have more customers and to need to add more capacity or for you to consider Zscaler Virtual Edge that thay will host but will be just for you.