Zscaler App and Tunnel Client

I’m working on behalf of a client who is running in packet filter mode with full tunnel.

They are trying to deploy a new tunnel app that sits on the 100.64.0.1 address and adds a route for the whole of the CGN network (100.64.0.0/10).

When this tunnel client is running, the ZAPP fails to connect. Is there any way to debug the issue on the ZAPP to see where the traffic is going for the DNS tunnels, which I also believe are on 100.64.0.3, 4, 5?

Is it the route that is the issue? Or will there be a clash somewhere else that could be causing this?

Is there any way to move Zscaler off the 100.64 network?

Hi,

What app is it they are bringing up? Is it a VPN client?

You can set ZAPP logging to debug. Recreate the issue, then choose export logs from the taskbar. That can be given to support.
In this case, do you expect Zscaler traffic to go down that tunnel or be separate? Hard to answer all of this without knowing a bit more.

Hi, thanks for the reply.

It’s similar to a VPN client in that it establishes a tunnel to a cloud resource but only redirects certain traffic.

We would expect the ZAPP traffic to work as normal and not be affected. It’s unclear how the packet filter traffic exits the client machine. Does the packet filter look to the routing table, so the ZAPP fails because we have a 100.64/10 route in place which kills it? Or is it more intelligent than that, and will it route to the interface with the default route on it?
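
Added example, not part of any post in this thread and not Zscaler code: a longest-prefix-match lookup showing what the OS routing table alone would select for the addresses mentioned above once a 100.64.0.0/10 route exists. The route table, interface names and metrics are constructed assumptions; whether the ZAPP packet filter consults the routing table at all is the open question in the thread.

```python
import ipaddress

# Constructed routing table (NOT taken from the client's machine).
# (destination prefix, interface name, metric); names and metrics are assumptions.
ROUTES = [
    ("0.0.0.0/0", "ethernet", 25),       # default route
    ("100.64.0.0/10", "new-tunnel", 5),  # route added by the new tunnel app
]

# Addresses named in the thread.
THREAD_ADDRESSES = ["100.64.0.1", "100.64.0.3", "100.64.0.4", "100.64.0.5"]


def select_route(dest, routes):
    """Return the (prefix, interface, metric) a standard IP stack would pick:
    longest matching prefix first, lowest metric as the tie-breaker."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, iface, metric))
    if not matches:
        return None
    net, iface, metric = min(matches, key=lambda r: (-r[0].prefixlen, r[2]))
    return (str(net), iface, metric)


def captured(addresses, routes, interface):
    """Addresses whose winning route leaves via the given interface."""
    hits = []
    for a in addresses:
        route = select_route(a, routes)
        if route is not None and route[1] == interface:
            hits.append(a)
    return hits


if __name__ == "__main__":
    for a in THREAD_ADDRESSES + ["100.127.255.255", "100.128.0.0"]:
        print(f"{a:16} -> {select_route(a, ROUTES)}")
    # A more specific route always beats the /10, whatever its metric
    # (hypothetical interface name, for illustration only).
    specific = ROUTES + [("100.64.0.3/32", "hypothetical-if", 50)]
    print("with /32 added:", select_route("100.64.0.3", specific))
```

On a Windows client the same question can be checked against the live table with `route print` or `Find-NetRoute -RemoteIPAddress 100.64.0.3` while both clients are running.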