Zscaler App 2.1.2 and Netgear Nighthawk R7000 challenge

Have an odd issue with using Zscaler App DTLS 2.0 across a expensive Netgear Nighthawk R7000 DSL router. A client computer connected to this router via WIFI and wired Ethernet can’t access Internet via Zscaler Internet Access service. Zscaler App show connected, but it’s not working. Nothing is accessible besides the destinations that we bypass in Forwarding Profile.

We use Windows Filter Driver, without proxy settings, and with reduced MTU in forwarding profile so TCP MSS is reasonable safe. We have 20000+ computers that work normally…

As soon as replace the R7000 with another old router, then it works OK, and it’s also working OK when computer is connected via WIFI to mobile phone 4G Internet sharing.

Every time we put the R7000 back in line, then it fails. R7000 run latest firmware.

Do you have any ideas on what is could be causing this…?


I recall Cisco phones and some VPN products having issues with Netgear products in the past when they were configured to use DTLS as well, though it’s been some time since I’ve come across it. If you want to debug it, you can pull logs from your system, as well as pull packet captures, and send those to support to see if we can identify what’s happening. It might be necessary to share that info with netgear as well.

A colleague of mine also suggests looking to see if the Netgear has SIP ALG enabled, and see if disabling it helps. Obviously this could affect other things so, if it has an effect you might not be able to remain in that config.