ZPA Authentication issue in China

Random users in China reports authentication issues in China. Upon verification we noticed authentication request to ZPA fails.

Further analysis in packet capture, shows that DNS response to samlp.private.zscaler.com resolves to Ip which are hosted in AWS Korea.

Zscaler TAC says China’s Great firewall is often behind this issue and its out of their control.

Question:
Knowing these challenges in China, does Zscaler come up with any preventive measures that prevails the Service, like in-housing the supporting services (auth servers) in china?

Note: Due to Corona Outbreak, more of our end users tend to use remote access capabilities and we couldn’t commit a 100% available service.

Regards
Ganesh Krishnan

Hi Ganesh,

You are not alone here. We too still having many problems in China. Any more news or updates or improvements from from Zscaler are welcomed here. I am looking forward for it.

Best Regards,
GSR

Hi Ganesh,

In early March, an enhancement was made so that User auth requests are no longer proxied through China brokers, and instead go directly over the internet. Several customers have confirmed that this change has eliminated delays and issues observed during authentication into ZPA.

1 Like